Action

Action provides automation capabilities through Playbooks — visual workflow builders that let you create automated workflows by dragging and dropping Bricks onto a canvas and connecting them together. Playbooks automate actions based on events, enabling powerful response workflows without writing code.

Types of Bricks

Playbooks use four types of Bricks, each with a distinct color:

Trigger Bricks (Red)

Triggers are events that initiate a playbook. When activated, they start the workflow.

Examples:

  • Scheduled time (cron)
  • Webhooks
  • Form submissions
  • Email receipt

Operator Bricks (Blue)

Operators determine how a Playbook flows. They act as decision-makers, checking if conditions are met before allowing data to continue.

Examples:

  • If/Else conditions
  • Deduplication
  • Routing logic

Transform Bricks (Orange)

Transforms modify data passed between actions. They filter, format, or restructure data as needed.

Examples:

  • Delay execution
  • Merge data streams
  • Explode arrays
  • Transform structures

Execute Bricks (Green)

Executes perform the actual tasks in your workflow.

Examples:

  • Run queries
  • Execute Python code
  • Send notifications
  • Make API calls
  • Take screenshots

Note: Execute Bricks have a left output (red) for error handling — use it to define actions when something fails.

Creating a Playbook

  1. Navigate to Action → Playbooks
  2. Click NEW PLAYBOOK
  3. Enter a name and description
  4. Click CREATE to open the canvas

Building Your Workflow

  1. Click the orange + icon on the left to open the Brick library
  2. Drag Bricks onto the canvas
  3. Configure each Brick by selecting it and providing the required inputs
  4. Connect Bricks by dragging from an output to another Brick's input
  5. Click Save to preserve your changes

Canvas Controls

Button | Action
Disable | Stop the Brick from running (turns grey)
Enable | Start running the Brick
Duplicate | Create an exact copy of the selected Brick
Delete | Remove the selected Brick
Save | Save the Playbook

Warning: Playbooks do not support concurrent editing. If multiple people edit the same Playbook, later saves will override earlier ones.

Use Cases

Automated Response

Trigger actions when alerts are created:

  • Send Slack/Teams notifications
  • Create Jira tickets
  • Block malicious IPs
  • Isolate compromised hosts

Scheduled Tasks

Run periodic operations:

  • Data collection
  • Report generation
  • Health checks
  • Cleanup tasks

Best Practices

Error Handling

Use the left output on Execute Bricks to handle errors gracefully. For example:

  • Add a delay and retry
  • Send a notification on failure
  • Log the error for investigation

Multiple Brick Instances

When using multiple instances of the same Brick, use the Merge State Brick to consolidate data and avoid variable conflicts.