As of version 6 we're able to run playbooks when a container is closed. That's the easy part. Canceling running playbooks takes a few custom API calls.

    # Pulls the id for this playbook. It shouldn't be hardcoded because the ID changes with each version and may not increment as expected
    my_id_url = phantom.build_phantom_rest_url('playbook') + '?_filter_name="my_playbook_name"'
    my_id_resp_json = phantom.requests.get(my_id_url, verify=False).json()
    my_id = my_id_resp_json['data'][0]['id']
    
    # Runs a query to pull the audit data of the current container
    audit_url = phantom.build_phantom_rest_url('container', container_id, 'audit')
    audit_resp_json = phantom.requests.get(audit_url, verify=False).json()

    for i in audit_resp_json:
        # Looks for any playbook that has run in the container
         if i['AUDIT SOURCE'] == 'Playbook Run':

                # Runs a query to find details on each run
                runs_url = phantom.build_phantom_rest_url('playbook_run', i['AUDIT ID'])
                runs_resp_json = phantom.requests.get(runs_url, verify=False).json()
                

		# Finds any playbook that is currently running which isn't this one
                if runs_resp_json['status'] == 'running' and runs_resp_json['playbook'] != my_id:
                    
                    #Sends a POST to cancel any that match the above criteria
                    cancel_url = phantom.build_phantom_rest_url('playbook_run', runs_resp_json['id'])
                    cancel_post = phantom.requests.post(cancel_url, data='{"cancel":true}', verify=False)

                    # If successful, up the succes count
                    if cancel_post.status_code == 200:
					    # Success
                    else:
                        # Failure