A task uses a runSearch operator to run a search or a callScript operator to execute a script.

In Advanced Mode, task steps are shown with a yellow header. In our example playbook, the query area shows a callScript task, Pan_Threat_VirusTotal_Check, which looks up the source IP address in VirusTotal to determine whether that service has classified the address as suspicious.

To configure a task:

  1. Create or edit a playbook in Advanced Mode.
  2. Click + for the parent step on the map and select Task.

The playbook map shifts to the left panel, and the settings show on the right. The step you just added is highlighted.

  1. Enter the query in the query area enclosed in backtick (`) marks, or click Available Operators and UDFs and select the operator or user-defined function (UDF) to add it in the query area.

  2. Modify the query as needed.

  3. Click Update Table.

The Run Task button is useful if you want to see how a task affects downstream steps as you are creating your playbook. After creating a task step, click Run Task to have the results of the task reflected in the results table and in the results for downstream steps. This step is required only for task steps. For other step types, the results are automatically included in the results table and reflected in the downstream steps.


What's Next
Did this page help you?