DOCS-1165 - Out-of-the-box playbooks (#5858)

* Rough draft

* Finish draft

* Fix broken links

* Update docs/platform-services/automation-service/playbooks-in-app-central.md

Co-authored-by: Kim (Sumo Logic) <[email protected]>

---------

Co-authored-by: Kim (Sumo Logic) <[email protected]>

Author: jpipkin1

docs/platform-services/automation-service/automation-service-app-central.md

@@ -30,7 +30,7 @@ Before you can access App Central, you must have the App Central Access role cap
    :::note
    <ActionsLimit/>
    :::
-1. **Install**. Click to [install an integration](#install-an-integration-from-app-central) or [install a playbook](/docs/platform-services/automation-service/playbooks-in-app-central/#install-a-playbook-from-app-central).
+1. **Install**. Click to [install an integration](#install-an-integration-from-app-central) or [install a playbook](/docs/platform-services/automation-service/playbooks-in-app-central/#install-an-out-of-the-box-playbook-from-app-central).
 
 ## Work with integrations in App Central
 

docs/platform-services/automation-service/playbooks-in-app-central.md

@@ -1,43 +1,57 @@
 ---
 id: playbooks-in-app-central
-title: Playbooks in App Central
-sidebar_label: Playbooks in App Central
+title: Out-of-the-Box Playbooks in App Central
+sidebar_label: Out-of-the-Box Playbooks
 description: Learn about the out-of-the-box playbooks available in App Central. 
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import SamplePlaybooks from '../../reuse/automation-service/sample-playbooks.md';
 
-A playbook is a predefined set of actions and conditional statements that run in an automated workflow to respond to a certain event or incident type.
+A playbook is a predefined set of actions and conditional statements that run in an automated workflow to respond to a certain event or incident type. Sumo Logic provides hundreds of out-of-the-box playbooks in the **Playbooks** tab of [App Central](/docs/platform-services/automation-service/automation-service-app-central/). These out-of-the-box playbooks can handle many different situations, such as phishing attempts, brute force attacks, ransomware, and many others.
 
-While [playbooks](/docs/platform-services/automation-service/playbooks/) in the Automation Service UI show the playbooks installed to your environment, the **Playbooks** tab in App Central shows you additional playbooks you can install.
+The out-of-the-box playbooks are templates that you need to configure before they will work in your environment. Look through the playbooks to find ones that could help you. Once you've identified one you'd like to use, follow these steps:
+1. [Install the playbook](#install-an-out-of-the-box-playbook-from-app-central).
+1. [Configure the installed out-of-the-box playbook](#configure-an-out-of-the-box-playbook) to run actions in the integrations you have in your environment. 
+    :::note IMPORTANT
+    You must first [install integrations](/docs/platform-services/automation-service/automation-service-app-central/#install-an-integration-from-app-central) and [configure authentication for them](/docs/platform-services/automation-service/configure-authentication-for-integrations/) before you can configure playbooks to use the actions from those integrations. 
+    :::
 
-### Install a playbook from App Central
+## Install an out-of-the-box playbook from App Central
 
 1. Use the **Search** bar in the upper right of the **Playbooks** tab to find playbooks.
 1. Click **Install** in the corner of the playbook box.
 1. Click **Next**.
 1. Click **Install** to install the playbook.
 1. Click **Close**. After installation is complete, **Installed** replaces the **Install** link in the corner of the playbook box.
-1. **IMPORTANT**: Click **Show More** in the playbook box to see if there are additional steps you need to follow to configure the installed playbook. Failure to perform these additional steps may result in the playbook not working properly.
-
-<!-- There used to be an export button, but now it's gone. Saving this text below in case it comes back.
-
-## Export from App Central
-
-You can export the contents of integrations and playbooks from App Central.
-
-1. Click the **Go to export page** button in the top right corner of the **Integrations** tab.<br/><img src={useBaseUrl('img/cse/automation-service-app-central-export-button.png')} alt="Go to the export page" style={{border: '1px solid gray'}} width="300"/>
-1. Select the items you want to export. Provide a description in the box provided. If you select more than one item, you are prompted to provide a title as well.
-1. Scroll down and click **Export** at the bottom right corner of the screen. The selections are exported in a .tar file to your downloads folder.
-1. Extract the .tar file. An archive file is extracted from the .tar file (for example, a .tar.gz file).
-1. Extract the archive file. The exported items are extracted, including any YAML files they contain.
-
--->
+1. Click **Show More** in the playbook box to see if there are additional steps you need to follow to configure the installed playbook. Failure to perform these additional steps may result in the playbook not working properly.
+
+## Configure an out-of-the-box playbook
+
+After you install an out-of-the-box playbook from App Central, it appears on the [**Playbooks**](/docs/platform-services/automation-service/playbooks/create-playbooks/#view-playbooks) list. Perform the following steps to configure the out-of-the-box playbook.
+
+1. Select the playbook from the list. In the example below, the *21 - DLP Alert* playbook is selected. <br/><img src={useBaseUrl('img/platform-services/automation-service/example-out-of-the-box-playbook.png')} alt="Example out-of-the-box playbook" style={{border: '1px solid gray'}} width="700" />
+1. Click the edit button at the bottom of the screen.
+1. Hover your mouse over a node and click the edit button that appears on the node. The **Edit Node** dialog appears.
+1. Note the **Node name**. It should tell you what action you need to connect to. In the following example, the node name is *IP reputation destination address with VirusTotal*. That tells us we need to connect to the *IP Reputation* action in the [VirusTotal integration](/docs/platform-services/automation-service/app-central/integrations/virustotal/) and use the *destination address*.<br/><img src={useBaseUrl('img/platform-services/automation-service/example-out-of-the-box-playbook-2.png')} alt="Example out-of-the-box playbook node" style={{border: '1px solid gray'}} width="400" />
+1. In the **Integration** field, select the integration. (In our example, select  **VirusTotal**.)
+    :::note IMPORTANT
+    You must have [already installed the integration](/docs/platform-services/automation-service/automation-service-app-central/#install-an-integration-from-app-central) and [configured its authentication](/docs/platform-services/automation-service/configure-authentication-for-integrations/) before you can use actions in the integration.
+    :::
+1. In the **Action** field, select the action. (In our example, select **IP Reputation**.)
+1. Fill out other fields as needed. Fields with asterisks are required. (In our example, in the **IP** field select **destinationAddress**).<br/><img src={useBaseUrl('img/platform-services/automation-service/example-out-of-the-box-playbook-3.png')} alt="Example out-of-the-box playbook node with integration and action selected" style={{border: '1px solid gray'}} width="400" />
+1. After you're done configuring the node, toggle **Test Mode** at the top of the dialog to [test the node](/docs/platform-services/automation-service/playbooks/troubleshoot-playbooks/#test-nodes-in-a-playbook).
+1. After you are sure the node works as expected, click **Save**.
+1. Continue configuring nodes until you have configured all the nodes in the playbook. 
+1. When done configuring nodes, [test the playbook](/docs/platform-services/automation-service/playbooks/troubleshoot-playbooks/#test-a-playbook) to make sure it works as expected.
+
+:::note ADVISORY
+The out-of-the-box playbooks are merely templates to guide you, and the integrations indicated in their node names may not exist in your environment. Edit the playbook to connect to integrations that you have installed and configured, and change the playbooks as needed.
+:::
 
 ## Playbooks in App Central
 
-This section lists all the out-of-the-box playbooks you can install.
+This section lists all the out-of-the-box playbooks you can install from App Central.
 
 ### 1 - Basic IP Reputation
 

docs/platform-services/automation-service/playbooks/create-playbooks.md

@@ -10,15 +10,15 @@ import CartesianProduct from '../../../reuse/cartesian-product.md';
 
 ## View playbooks
 
-The following procedure describes how to view playbooks already installed in your environment. To add more playbooks, [create a playbook](#create-a-new-playbook), or [install a playbook from App Central](/docs/platform-services/automation-service/playbooks-in-app-central/#install-a-playbook-from-app-central).
+The following procedure describes how to view playbooks already installed in your environment. To add more playbooks, [create a playbook](#create-a-new-playbook), or [install a playbook from App Central](/docs/platform-services/automation-service/playbooks-in-app-central/#install-an-out-of-the-box-playbook-from-app-central).
 
 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Automation > Playbooks**. You can also click the **Go To...** menu at the top of the screen and select **Playbooks**.  <br/>The list of playbooks displays. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic).  In the main Sumo Logic menu, select **Automation > Playbooks**. <br/> <img src={useBaseUrl('img/cse/automations-playbook-list.png')} alt="Automation Playbook list" style={{border:'1px solid gray'}} width="700"/>
 1. Select a playbook to see the elements in the workflow.<br/><img src={useBaseUrl('img/cse/automations-open-playbook.png')} style={{border:'1px solid gray'}} alt="Opened playbook" width="700"/>
 1. Click the elements in the playbook to see their details. For example, click actions (the boxes in the flow) to see the [integration](/docs/platform-services/automation-service/automation-service-integrations/) resources that provide the actions.<br/><img src={useBaseUrl('img/cse/automations-action-example.png')} style={{border:'1px solid gray'}} alt="Action example" width="700"/>
 
 ## Create a new playbook
 
-Before you create your own playbook, first [view playbooks](#view-playbooks) to make sure there isn't one already that does what you want to accomplish, and also check to see if you can [install a playbook from App Central](/docs/platform-services/automation-service/playbooks-in-app-central/#install-a-playbook-from-app-central) that does what you need. After you create a playbook, you can run it in automations for [monitors](/docs/alerts/monitors/use-playbooks-with-monitors/), [Cloud SIEM](/docs/cse/automation/automations-in-cloud-siem/), or [Cloud SOAR](/docs/cloud-soar/automation/). 
+Before you create your own playbook, first [view playbooks](#view-playbooks) to make sure there isn't one already that does what you want to accomplish, and also check to see if you can [install a playbook from App Central](/docs/platform-services/automation-service/playbooks-in-app-central/#install-an-out-of-the-box-playbook-from-app-central) that does what you need. After you create a playbook, you can run it in automations for [monitors](/docs/alerts/monitors/use-playbooks-with-monitors/), [Cloud SIEM](/docs/cse/automation/automations-in-cloud-siem/), or [Cloud SOAR](/docs/cloud-soar/automation/). 
 
 :::tip
 The following procedure provides a brief introduction to how to create a playbook. For detailed examples of how to create playbooks, see the [Cloud SIEM automation examples](/docs/cse/automation/cloud-siem-automation-examples/).