Playbook construction

I would like to ask the community if perhaps someone has created a playbook that takes in Snort/Suricata alert data. I am looking a creating a automated block process that will compare an IDS alert with a Threat notification from the PAN. If the src_

Question from Playbook Optimization webinar: Playbook Mata-Data command

Tried the getInvPlaybookMetaData on a couplf of our incidents "Command: !getInvPlaybookMetaData incidentId="104541" minSize="10" (Builtin) No data returned" Can you advise? 

** Note: this is a question from our Customer Success Webinar: Playbook op

Question from Playbook Optimization webinar: Load time

Are these load times expected? I've noticed our load times are pretty rough after some recent updates.

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Global context

what you did in order to make context globally?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Incident history

How can I configure or create a job that gets rid of incidents that are X days old? For example, I don't need to keep incident history for more than 2 days, I want to save space removing them.

** Note: this is a question from our Customer Success W

Question from Playbook Optimization webinar: Sub-Playbook outputs

using outputs of subplaybook requires creating custom fields. Or can this be done differently?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Outputs & Sub-Playbooks

What does happen if are there 2 outputs with the same name in a playbook containing more subplaybooks?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Playbook best practices

any best practices for playbook?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Sub-Playbook context keys

How can you access subplaybook context keys? I does not work sometimes to reach the subplaybook-xxx.

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: Sub-Playbook quiet mode

Let's say we fix a sub playbook to run in quiet mode cos it's larger than 150KB. Will this affect the main playbook if it is dependent on the subplaybook output. Also will it fix all the older incidents that have already run ?

** Note: this is a qu

Question from Playbook Optimization webinar: Command modification

Is it possible to modify all instances of a command? For instance, if we wanted to change the "Run without a worker" setting on all usages of sleep - is that possible? Or would I need to do it 1-by-1? Or even possible per playbook maybe with multi-se

Question from Playbook Optimization webinar: Playbook unassigned

how can we unassigned the playbook?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cortex XSOAR

Cortex XSOAR 

Question from Playbook Optimization webinar: List lookup

Is a conditional list lookup always considered 'better' in terms of performance compared to loading a list into context or just when the list is very large?

** Note: this is a question from our Customer Success Webinar: Playbook optimization in Cor

Question from Playbook Optimization webinar: Sub-Playbook

I have heard from a support member that it's bad practice to go more than on sub-playbook team, ie don't have subplaybooks within subplaybooks. Can you clarify? 

Cortex XSOAR