Running
This guide explains how to execute playbooks in S4E Cloud, monitor their progress, and handle execution outcomes.
Starting a Playbook
Manual Execution
From the Playbook Library
- Navigate to Playbooks in the left sidebar.
- Browse or search for the playbook you want to run.
- Click Run next to the playbook name.
- Configure the input parameters:
- Select the target finding(s) or asset(s).
- Set any custom variables required by the playbook.
- Click Start Playbook.
From a Finding
- Open the finding detail page.
- Scroll to the Playbooks section.
- View recommended playbooks for this finding type.
- Click Run on the desired playbook.
- The finding context is automatically populated as input.
- Review and click Start Playbook.
Automatic Execution
Playbooks can be configured to start automatically when specific conditions are met:
- Open the playbook in the editor.
- Navigate to the Triggers tab.
- Add a trigger condition:
- Finding trigger -- New finding matching severity, category, or asset criteria.
- Schedule trigger -- Run at a specific time or interval.
- Webhook trigger -- Start via external API call.
- Save the trigger configuration.
Tip
Test automatic triggers with non-production assets first to ensure the playbook behaves as expected before enabling it for production.
Monitoring Execution
Live View
After starting a playbook, the execution view opens automatically:
- Step timeline -- Visual representation of all steps with their current status.
- Active step -- Highlighted step currently executing.
- Step output -- Real-time output from the active step.
- Elapsed time -- Total execution time and per-step durations.
Step Statuses
| Status | Meaning |
|---|---|
| Pending | Step has not started yet. |
| Running | Step is currently executing. |
| Completed | Step finished successfully. |
| Failed | Step encountered an error. |
| Waiting | Step is waiting for approval or a delay timer. |
| Skipped | Step was skipped due to a condition branch. |
Approval Handling
When a playbook reaches an approval step:
- Execution pauses at the approval step.
- Designated approvers receive a notification.
- The approval request shows:
- Playbook name and current progress.
- The action that will execute upon approval.
- Context from previous steps.
- The approver clicks Approve or Reject.
- On approval, execution resumes. On rejection, the playbook follows the rejection path (if defined) or stops.
Error Handling
Step Failure
When a step fails during execution:
- The playbook pauses at the failed step.
- The error details are displayed in the execution view.
- Depending on the playbook configuration, the failure is handled as:
| Error Policy | Behavior |
|---|---|
| Stop | Halt the entire playbook. Manual intervention required. |
| Continue | Skip the failed step and proceed to the next step. |
| Retry | Retry the failed step up to a configured number of times. |
| Fallback | Execute an alternative step defined as the fallback. |
Manual Intervention
For paused playbooks:
- Retry step -- Re-execute the failed step after fixing the underlying issue.
- Skip step -- Mark the step as skipped and continue.
- Cancel playbook -- Stop the entire playbook. Completed steps are not rolled back.
Warning
Cancelling a playbook does not undo actions that have already been executed. Steps like ticket creation or notification delivery cannot be reversed.
Concurrent Executions
Multiple instances of the same playbook can run simultaneously. Each execution is independent and tracked separately. However, be mindful of:
- External system rate limits (e.g., Jira API, Slack API).
- Conflicting actions (e.g., two playbooks modifying the same configuration).
- Resource consumption on the platform.
Configure concurrency limits in the playbook settings if needed.
What's Next?
- Creating Playbooks -- Build your own playbooks.
- Execution Logs -- Review past playbook runs.
- Approval Flow -- Configure approval workflows.