Skip to main content

Playbooks

Playbooks can be configured to execute automatically without user intervention, acting on information from the incident, or can be executed in interactive mode, where user input is required to authorize predefined actions.

To run a playbook, add it to an automation. You can run playbooks in monitors, Cloud SIEM, and Cloud SOAR. Sumo Logic provides a number of out-of-the-box playbooks that you can use install to use your automations. See Playbooks in App Central.

note

The number of actions that can be run per hour is limited to prevent abuse of system resources or runaway processes. For more information, see Actions limit.

tip

You can use Terraform to manage playbooks with the sumologic_csoar_playbook resource.

For more information about using Terraform to manage Sumo Logic components, see Use Terraform with Sumo Logic.

icon

Create Playbooks

Learn how to create playbooks in the Automation Service to run automated actions.

icon

Playbook Payloads

Learn about the data payloads of the different playbook types.

icon

Arrays in Playbooks

Learn how to handle arrays in Automation Service playbooks

icon

Troubleshoot Playbooks

Learn how to test playbooks and troubleshoot playbook problems.

Status
Legal
Privacy Statement
Terms of Use
CA Privacy Notice

Copyright © 2025 by Sumo Logic, Inc.