Add New Playbook

  1. Click on the [Playbook] main tab.

  2. Click on the button.

  3. In the [Add New Playbook] popup window, enter the “Name” of the job, and a corresponding “Description”.

  4. Click [OK].

Create Playbook

To create a Playbook:

  1. Click on the [Playbook] main tab.

  2. Double-click your new Playbook.

The [Node] panel will appear on the right side of the screen.

  3. Click and hold a Node from the [Node] panel on the right side of the window, and drag it to the Playbook Field.

Nodes

Nodes are individual components that perform specific tasks, such as device communication, data processing, or conditional logic. They can be visually connected to create complex operational sequences called Playbooks.

Once a Node is in the Playbook Field, click the button in the top right corner of the node to change the descriptive Alias of the Node.

Node List

The [Node] panel is on the right side of the screen. These are the different options to configure a job to run.

Node Option | Explanation
--- | ---
And | Only proceed after both inputs have received a signal
Backup Device | Run a device backup
Chat App (Webhook) | Send messages to either Teams/Slack/Mattermost/Webex/Line/Google Chat using a pre-configured Webhook
Compliance Remediation | Get information from a Compliance Rule Set configured to run this playbook
Merge by Device | Combine inputs to a single output per device
Device Search | Search for devices in the inventory to be acted upon
Email | Send an email with tabular data
Incident | Get information from an alert policy configured to run this Playbook
Load Configuration | Load and output a configuration file from a previous device backup
Memo | Save a note
Raise Compliance Violation | Create a Violation on the passed in device with a configured message and severity
Regex Match | Execute a regular expression against the output of a node
Rule Set | Run a Rule Set against the output of a node
Run Code | Run a block of code on your devices
Run Code with Automatic Retry | Run a block of code on your devices a number of times or until it is successful
Schedule | Schedule this playbook to run automatically
Set Variables | Set or update variables before forwarding input
Sleep | Delay for a number of milliseconds before forwarding input
SSH Exec | Execute a command on remote SSH host
To CSV | Serialize data to text formatted as comma separated values
To Json | Serialize data to text formatted as JSON
Update Fields | Update a Device’s custom fields; variables can be placed into fields by writing the variable name wrapped in {curly brackets}
Upload File | Send a file to your devices

Node Types by Position

Nodes are classified into “Start”, “Middle”, and “Terminal” based on their input/output terminals:

Start Nodes (Initiate processes)

  • Device Search: Selects devices from inventory
  • Compliance Remediation: Triggers on policy violations
  • Incident: Starts with alert policy triggers
  • Schedule: Time-based activation

Middle Nodes (Process data/decisions)

  • And Gate: Requires multiple input conditions
  • Regex Match: Filters text outputs and can set variables from Java 8-style regex capture groups
  • Run Code: Executes a series of commands on your device
  • Run Code With Automatic Retry: Run a series of commands on your device a number of times or until it is successful
  • Ruleset: Run a ruleset against the output of a node
  • Merge by Device: Combines inputs based on the device each is associated to
  • Sleep: Adds timed delays (1ms-2h)
  • SSH Exec: Runs CLI commands
  • Load Configuration: Load a previously backed up configuration file, often for use in verification nodes later in the Playbook
  • Backup Device: Run a device backup
  • Set Variables: Set or update variables on inputs for use as replacements later in the Playbook
  • To CSV: Serialize inputs to text formatted as comma separated values
  • To Json: Serialize data to text formatted as JSON
  • Update Fields: Update a Device’s custom fields; variables can be placed into fields by writing the variable name wrapped in {curly brackets}
  • Upload File: Send a file to your devices

Terminal Nodes (Final outputs)

  • Email Notification: Send an email with a configurable summary of actions performed in the playbook
  • Chat Webhook: Sends a message to Teams/Slack/Mattermost/Webex/Line using a pre-configured Webhook integration
  • Raise Compliance Violation: Sends Compliance Violation notifications

Note:

There have been recent changes to the Nodes side panel:

  • The icon for the [Regex Match] Node has been updated:

  • A new node, [Merge by Device], has been added:

  • A new node, [Load Configuration], has been added:

  • A new node, [Raise Compliance Violation], has been added:

You can search for Nodes that you want to add by name, or filter the Nodes that are visible in the Nodes list by using the Nodes Search function at the top of the right sidepanel.

Add Node

To add a Node:

  1. Click the [Playbook] main tab.

  2. Double-click the Playbook to which the Node will be added.

  3. Click and drag a Node from the Node list in the right-hand panel to the Playbook Field.

Select Device

To select a device:

  1. Click the [Playbook] main tab.

  2. Create or open a Playbook.

  3. Add a “Device Search” Node to your workflow from the Node list on the right side of the window.

  4. On the “Device Search” Node, click [Device Selection].

There are three options in the [Device Selection] window:

Option | Explanation
--- | ---
All Devices | Select all devices in the [Inventory] tab
Search | Select the [Add Criteria] and select options to select devices
Static List | Select devices from the [Inventory] tab and add to the selection

Selecting “Search” allows you to narrow your search using multiple criteria.

Run Code

To run code on a device:

  1. Add a “Run Code” Node to your workflow from the Node list on the right side of the window.

  2. Click the [Code Editor] button.

  3. Enter a CLI command for the devices you have selected.

Raise Compliance Violation

The [Raise Compliance Violation] Node sends Compliance Violation notifications to users via four methods:

  • Email
  • Webhook to Teams/Slack/Webex/Line/PagerDuty/Google Chat
  • Both email and Webhook
  • Notifications in ThirdEye’s [Inventory] main tab > Editor [Compliance] tab.

To view the details of the Violation in ThirdEye’s [Compliance] tab:

  1. Click the [Inventory] main tab.

  2. Double-click the device to open its Editor window at the bottom of the screen.

  3. Click the Editor’s [Compliance] tab.

The source of the Violation severity icon, Compliance Violation, Compliance Policy Name, and Violation message are displayed in the left sidepanel of the Editor.

For more information about the Violation, you can click the [Playbook] main tab to check the Violation History.

The History is located in the right sidepanel.

Connect Nodes

You can connect Nodes to create a Playbook.

To connect nodes, click and drag from an output port (right side) of one Node, to an input port (left side) of another node.

Press [Backspace] on your keyboard to remove unwanted connections.

Remove Nodes or Connection

To remove a node or a connection, select the desired item and press [Backspace] on your keyboard.

Running a Playbook

  1. Open the [Playbook] main tab.

  2. Double-click the Playbook you want to run.

  3. Click the [Run] button in the menu bar at the top of the window.

The Run button may be disabled based on your permissions and the Playbook’s approval status. Playbooks are subject to the [Approval Function]. Approvals for Playbooks may be managed within both the Playbooks and Jobs Tabs. The same permissions for Jobs are applicable to Playbooks.

Permission | Explanation
--- | ---
Permission to approve a tool job execution. | Authority to approve playbooks that have been requested for approval (approval request).
Permission to run a tool job without approval. | Authority to execute a playbook without requesting approval.

To view the Approvals log for a Playbook:

  1. Click the [Playbook] main tab.

  2. Double-click the Playbook you want to

  3. Click the [Job Approvals Log] button to the right of the Nodes panel.

Viewing the Output of a Playbook Run

If you’ve just run a Playbook, you’ll be brought to the Output screen automatically.

To view the output of a previously run Playbook:

  1. Click the [Playbook] main tab.

  2. Click the Playbook you want to see a previous output for.

  3. Browse the History panel on the right side of the screen.

  4. If the execution you’re interested in is not present, search terms may be added to help find it.

Previous executions may also be searched in the [Job History] section of the [Jobs] main tab.

The Playbook Output screen

The Output screen is divided into two main sections. The upper section provides a display of the Playbook exactly as it was when it was executed. Nodes that have created outputs while executing will have their output handles highlighted in green. You can click on a Node, or a Node’s output handle in order to navigate the bottom panel to that Node’s output.

The bottom panel provides tabular data for each of a Node’s outputs. At its top is a selector to choose which Node’s output you wish to see. If the selected Node has one or more outputs, a series of tabs will be displayed which can be used to view individual outputs in a table. When selecting a Node in this panel, the top panel will fly to the newly selected node to help locate it in the Playbook.

Inside this tabular data, individual rows may be selected. If a row has more information associated with it, a panel will open with that data. For example, the output of a Run Code node will have the output of the commands executed on the device hidden until a row is selected.

Using Replacement Values

Many nodes will emit metadata alongside their main result. For a Run Code node this may be device or status. These will all be visible in the table for the Node’s output after starting the Playbook. If a field supports substitution, you may reference a value by surrounding its name with {curly braces}. A number of nodes support templated substitution for these values:

  • Regex Match: The Regular Expression and Compare Against inputs both support substitution.
  • Run Code: Commands support substitution.
  • Run Code With Automatic Retry: Commands support substitution.
  • SSH Exec: Command supports substitution.
  • Set Variables: Variable Values support substitution.
  • Update Fields: Field Values support substitution.
  • Upload File: Commands to pull file from server support substitution.
  • Raise Compliance Violation: Message supports substitution.

If you want to extract a piece of information into its own piece of metadata to be output as a column from a node, the easiest way to do so is to use the Regex Match Node. It supports Java style regular expressions, and named match groups will be pulled into a value with that name.

For example, to pull a Cisco device’s uptime into a value named uptime, you can pass the output of show version to a Regex Match node with the Regular Expression:

lab-router uptime is (?<uptime>[\w ,]+)

Leave Compare Against set to its default of {result}. This Regular Expression is not designed to match the entire Compare Against value, so enable Partial Match to indicate that it should count as a match if the Expression is at least present.

Once this is configured, the output of the Regex Match will include any matched uptimes in a new uptime column, which can be used in subsequent nodes as {uptime}.

We can also chain these to capture more specific information by changing Compare Against. For example, if you want to check for switches reset recently, you could check for an uptime that does not match the regex day:

Connect the uptime Regex Match Node to a new Regex Match Node and set the Regular Expression to:

day

Set Compare Against to {uptime}, and again make sure Partial Match is enabled.

Then we can inspect the nonMatches output of this new node, or connect that handle to an Email, Webhook, Raise Compliance Violation, or Set Variables node with a message like ‘Device reset recently: {uptime}’ to receive the results in another way.
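
The two-node chain described above can be modelled in a few lines of JavaScript, whose regex engine accepts the same (?<name>...) named-group syntax for this expression. This is an added example, not ThirdEye code: the function names, the row shape, the matches key and the sample show version text are assumptions constructed for illustration.

```javascript
// Added example: a model of the Regex Match chain, not ThirdEye code.
// Function names, the row shape and the `matches` key are assumptions.

// Replace {name} placeholders with values from a row; unknown names stay as-is.
function substitute(template, row) {
  return template.replace(/\{(\w+)\}/g, (whole, name) =>
    Object.prototype.hasOwnProperty.call(row, name) ? String(row[name]) : whole);
}

// One Regex Match node: split rows into matches / nonMatches.
function regexMatch(rows, { expression, compareAgainst = '{result}', partialMatch = false }) {
  const out = { matches: [], nonMatches: [] };
  for (const row of rows) {
    const source = substitute(expression, row);
    // Without Partial Match the expression has to cover the whole value.
    const re = new RegExp(partialMatch ? source : `^(?:${source})$`);
    const m = re.exec(substitute(compareAgainst, row));
    if (m) out.matches.push({ ...row, ...(m.groups || {}) }); // named groups become columns
    else out.nonMatches.push(row);
  }
  return out;
}

// Constructed `show version` excerpts (sample data, not real device output).
const SAMPLE_ROWS = [
  { device: '192.0.2.1', result: 'Cisco IOS Software\nlab-router uptime is 2 weeks, 3 days, 4 hours\nSystem image file is "flash:ios.bin"' },
  { device: '192.0.2.2', result: 'Cisco IOS Software\nlab-router uptime is 5 hours, 12 minutes\nSystem image file is "flash:ios.bin"' },
];
const UPTIME_RE = String.raw`lab-router uptime is (?<uptime>[\w ,]+)`;

// Node 1 extracts {uptime}; node 2 keeps rows whose uptime lacks "day".
function recentlyReset(rows) {
  const first = regexMatch(rows, { expression: UPTIME_RE, partialMatch: true });
  const second = regexMatch(first.matches,
    { expression: 'day', compareAgainst: '{uptime}', partialMatch: true });
  return second.nonMatches.map((r) => substitute('Device reset recently: {uptime}', r));
}

console.log(recentlyReset(SAMPLE_ROWS));
// With Partial Match off, the expression must equal the whole output, so nothing matches.
console.log(regexMatch(SAMPLE_ROWS, { expression: UPTIME_RE }).matches.length);
```

Because [\w ,]+ cannot cross a line break, the captured uptime stops at the end of its line, and only that restricted value reaches later {uptime} substitutions.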

Import Playbook

To import a Playbook:

  1. Click the [Playbook] main tab.

  2. Click the button in the menu bar at the top of the window.

  3. Double-click the Playbook .json file you want to import.

  4. The Playbook file will appear in the [Playbook] interface.

Export Playbook

To export a Playbook:

  1. Click the [Playbook] main tab.

  2. Double-click the [Playbook] you want to export.

  3. Click the [Export] button in the menu bar at the top of the window.

  4. Download the Playbook as a .json file.

  5. Click the [Close Playbook] button in the menu bar at the top of the window.

Playbook Categories

The Playbook Category Feature introduces organizational improvements for Playbook management.

With Playbook Categories you can:

  • Create and edit custom categories
  • Label using colored tags in Playbook lists
  • Create multiple categories within one playbook

Create Playbook Category

To create a Playbook Category:

  1. Click the [Playbook] main tab.

  2. Click the button next to the “Playbook” main tab title to open the [Categories] window.

  3. Click the button to open the [Add Category] window.

  4. Click the button to select a .svg image for the Category.

  5. Enter a name for the Category.

  6. Click [OK] > [Close].

Edit Playbook Category

  1. Click the button next to the “Playbook” main tab title to open the [Categories] window.

  2. Click the category name in the [Categories] window.

  3. Click the button to open the [Edit Category] window.

  4. Click [OK] after editing.

Delete Playbook Category

  1. Click the button next to the “Playbook” main tab title to open the [Categories] window.

  2. Click the category name in the [Categories] window.

  3. Click the button to open the [Remove Category] window.

  4. Click [Yes].

Compliance Remediations

Playbooks may be executed automatically in response to Compliance Rule Violations.

  1. Click the [Compliance] > [Rule Sets] tabs.

  2. Double-click the Rule Set you wish to add a Remediation Playbook to, which opens it in the Editor at the bottom of the page.

  3. Click the “Remediation job or playbook” button in the lower right of the page.

Incident Actions

Playbooks may be executed automatically as a part of an Alert Policy.

  1. Click the [Monitors] > [Alert Policies] tabs.

  2. Add an “Alert Policy Name”, or select an existing Alert Policy.

  3. Click [New Action].

You have the option to click [Send to Playbook].

Once added, select “Playbook to Run”, “Frequency” and “Perform the action when…”.
