I'm very new to Phantom. Can someone provide some guidance or advice for naming playbooks and what has worked or hasn't worked? We will be starting with a small team that may grow larger working on various playbooks for the SOC.
I come from a coding background so I'm trying to keep things organized and consistent. I've typically used a folder structure to organize files, but it doesn't appear that this can be done. I see there are other fields we can use, but I'm not sure if we should use these fields for organization for the development of playbooks. There are labels, tags, categories, and Repo's.
Anyway, can some experts out there provide some guidance or share your naming conventions and what other fields you're using?
I was thinking of something like the following for playbook names:
usage_dataType_app_description
usage : Who is using it, is this a playbook for the SOC to use or a playbook that's used just by other playbooks to call apps and return data. dataType : Is this for Emails, Web, URL, Files, etc. app : What app this is calling or what we're connecting to (LDAP, API, etc). description : Short, few word description like UrlAnalysis.
Thanks, guys.
... View more