ThreatConnect Playbook Paradigms and Constructs

A collection of paradigms and constructs for building playbooks in ThreatConnect.

This is currently a living document and should not, by any means, be considered canon. These are tips and hints to help you build more robust, effective, and maintainable Playbooks. Available as a gitbook here:


Floyd Hightower

Recent Updates

  • Adding construct for how to return response codes from a playbook triggered with an "HTTP Trigger" here.

  • Adding paradigm on how to structure playbook systems here.

  • Adding link to open-source ThreatConnect resources here.

  • Adding article on how to iterate through an array with playbooks here.