View automated phishing response playbook flow action designer

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • You can drill down to the Action Designer to view detailed information about the actions being performed for a specific step in the automated phishing response playbook flow.

    This page describes the Action Designer page for the Get Observables from Task step. Select a task in the Action Outline panel to view the details.

    Action Input

    This section shows details on how the action was created including the incident id, the type of observable (hash or IP) and observable finding (malicious emails only).

    Automated phishing playbook flow: action designer inputs

    Get M2M Records

    This section shows the conditions that have been defined to search for observables in a specified table.

    Automated phishing playbook flow: action designer get records

    Get Observables

    This section shows the script used to retrieve observables based on the specified filter conditions. Finally, the observables meeting this criteria and the count is displayed.

    Automated phishing playbook flow: action designer get observables

    Note:
    All actions defined in this flow are reusable and can be modified according to your requirements.