Playbooks allow analysts to automate everyday security tasks and save time. Oftentimes, these playbooks are simple: run a query or complete a single action. However, playbooks can also be very complex. As that complexity grows, there’s a need for more advanced features of playbook design to be considered to ensure they run effectively. One of the ways to do this is to take a look at how parallel action blocks are set to re-join each other to continue processing. Have your complex playbooks ever stopped running unexpectedly after parallel single actions? That’s probably because of your ‘join’ settings. This talk will explain how Phantom’s 'join' logic works, and tips for writing effective and error-free playbooks.
Tune in to learn:
What may cause a playbook to stop running unexpectedly and how to fix it
How to use the join logic effectively
How to properly use Phantom join logic in a live demo