docs/platform-services/automation-service/intro-to-automation-service.md
Lines changed: 16 additions & 5 deletions
@@ -114,15 +114,20 @@ The Sumo Logic Automation Service contains [hundreds of pre-created playbooks](/
114
114
115
115
The Automation Service allows us to create automations that will run whenever [Cloud SIEM insights](/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/) are created or closed. These automations are powered through "playbooks" as discussed in the previous section, predefined actions run in an automated workflow to respond to an incident.
116
116
117
-
Let’s use the Automation Service to create a playbook for use in Cloud SIEM.
117
+
To create the playbook as described below, you must first configure the following integrations that the playbook will use:
Now that those integrations are configured, let’s use the Automation Service to create a playbook for use in Cloud SIEM:
118
123
1. Go to the [Playbooks](/docs/platform-services/automation-service/automation-service-playbooks/) page. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Automation > Playbooks**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Automation > Playbooks**. You can also click the **Go To...** menu at the top of the screen and select **Playbooks**.<br/>The list of playbooks displays. You can click on any of the existing playbooks which will open the playbook diagram in the sidebar on the right. You can view here the individual nodes and sequences in the selected playbook, to give you an idea of the type of actions and structures that you can create. Playbooks can have any number of actions, as well as branching conditions to manage different sequences of actions, depending on selected criteria. You can click on any component of a playbook to see more detailed information about each node.
119
124
1. Let's [create a playbook](/docs/platform-services/automation-service/automation-service-playbooks/#create-a-new-playbook) of our own that will send an email notification when a Cloud SIEM insight is created with a high severity.
120
125
1. Click the plus icon near the top to create a new playbook. <br/><img src={useBaseUrl('img/cse/automations-new-playbook-button.png')} style={{border:'1px solid gray'}} alt="New playbook button" width="500"/>
121
126
1. Enter a name for the playbook, such as "Send Cloud SIEM Insight Email Notification". You can optionally enter a description. Select **Cloud SIEM** as the **Type** for the playbook.<br/><img src={useBaseUrl('img/cse/automations-new-playbook-dialog.png')} style={{border:'1px solid gray'}} alt="New playbook dialog" width="400"/>
122
127
1. Click **Create** when finished.
123
128
1. On the following screen you will see the starting template for your new empty playbook, with **Start** and **End** nodes. Switch to edit mode by clicking on the **Edit** (pencil) icon in the bottom toolbar.<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-edit-button.png')} alt="Edit button" style={{border: '1px solid gray'}} width="300" />
124
129
1. Before we start adding actions to our playbook, we’ll want to set up the initial configuration of the playbook so we get the proper inputs from the Cloud SIEM insight. Mouse over the **Start** node, and click the **Edit** (pencil) icon.<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-start-node.png')} alt="Start node" style={{border: '1px solid gray'}} width="100" />
125
-
1. In the **Edit Node** popup, select **Insight** from the playbook input parameters dropdown. Choosing **Insight** automatically populates the popup view with a number of input parameters that will be added to the playbook from the corresponding insight.
130
+
1. In the **Edit Node** popup, in the **Add one or more params as a playbook input** field select **Insight**. Choosing **Insight** automatically populates the popup view with a number of input parameters that will be added to the playbook from the corresponding insight. (For more information about these parameters, see [Insight payload variables](/docs/platform-services/automation-service/automation-service-playbooks/#insight-payload-variables).)<br/><img src={useBaseUrl('img/platform-services/automation-service/start-node-parameters.png')} alt="Types of start node parameters" style={{border:'1px solid gray'}} width="400"/>
126
131
1. Click **Update** to save and close the input parameters.
127
132
1. Now let's add an action node to the playbook.
128
133
1. Click the **+** symbol on the **Start** node.
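Review bot: the new prerequisite sentence ("To create the playbook as described below, you must first configure the following integrations that the playbook will use:") ends in a colon, yet in this hunk it is followed directly by "Now that those integrations are configured"; the line-number gutter jumps from 117 to 123, so the integration list probably sits in collapsed lines, but please confirm it is present and names each integration the steps below rely on, otherwise the reader has nothing to configure before step 1. Also, in the rewritten Edit Node step, add a comma after the field name: "in the **Add one or more params as a playbook input** field, select **Insight**."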
@@ -217,6 +222,10 @@ Congratulations. You now have a custom automation that can be manually run or at
217
222
218
223
Cloud SIEM isn’t the only application that can use playbooks from the Automation Service. You can also use [automated playbooks in monitors](/docs/alerts/monitors/use-playbooks-with-monitors/). In this section, we'll create a playbook that will be triggered when an alert is generated by a monitor within Sumo Logic's Log Analytics Platform.
219
224
225
+
To create the playbook as described below, you must first configure the following integrations that the playbook will use:
For this playbook let’s presume we have some AWS EC2 instances that are being monitored through Sumo Logic. We’ll create a sample playbook that upon a monitor alert will get information about our instances and reboot them as needed.
221
230
222
231
1. Go to the **Playbooks** page. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Automation > Playbooks**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Automation > Playbooks**. You can also click the **Go To...** menu at the top of the screen and select **Playbooks**.
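Review bot: the added prerequisite line here repeats the "you must first configure the following integrations" sentence verbatim from the Cloud SIEM section, and in the visible lines it runs straight into "For this playbook let's presume we have some AWS EC2 instances" with no integration list and no transition comparable to the "Now that those integrations are configured" sentence used above. The gutter gap (225 to 230) suggests the list is in collapsed lines; please verify that it covers the integrations the later steps depend on (the EC2 actions and the **Sumo Logic Log Analytics** integration used by the **Resolve Alert** node), and consider adding the same transition sentence so the two walkthroughs read consistently.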
@@ -228,7 +237,7 @@ For this playbook let’s presume we have some AWS EC2 instances that are being
228
237
1. Edit the playbook:
229
238
1. Click the **Edit** (pencil) icon to start editing your playbook.
230
239
1. Click the pencil icon underneath the **Start** node.
231
-
1. In the **Edit node** dialog, select **Alert** as the playbook input. The dialog box will auto-populate with a number of parameters related to the source alert.<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-edit-node-alert.png')} alt="Playbook edit node for an alert" style={{border: '1px solid gray'}} width="400" />
240
+
1. In the **Edit node** dialog, in the **Add one or more params as a playbook input** field select **Alert** as the playbook input. The dialog box will auto-populate with a number of parameters related to the source alert. (For more information about these parameters, see [Alert payload variables](/docs/platform-services/automation-service/automation-service-playbooks/#alert-payload-variables).)<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-edit-node-alert.png')} alt="Playbook edit node for an alert" style={{border: '1px solid gray'}} width="400" />
232
241
1. In this case, we also want to add a custom parameter to facilitate later actions. Scroll down to the bottom of the **Edit node** dialog and click **Add New Param**.
233
242
1. Type the following as the parameter name: `customPlaceholderMap[]."cloud.instance.id"`<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-params.png')} alt="Playbook parameters" style={{border: '1px solid gray'}} width="400" />
234
243
1. Click **Update** when finished.
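Review bot: in the rewritten Edit node step, "in the **Add one or more params as a playbook input** field select **Alert** as the playbook input" reads awkwardly because "as the playbook input" repeats the field name; suggest "in the **Add one or more params as a playbook input** field, select **Alert**." with a comma after the field name, matching the wording of the Cloud SIEM step edited in the first hunk.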
@@ -257,12 +266,14 @@ For this playbook let’s presume we have some AWS EC2 instances that are being
257
266
1. Choose the **Action** node tpe.
258
267
1. Configure the node:
259
268
***Name**: "Resolve Alert"
260
-
***Integration****Sumo Logic Log Analytics**
269
+
***Integration**.**Sumo Logic Log Analytics**
261
270
***Type**. **Notification**
262
271
***Action****Resolve Alert**
263
272
***Alert ID**: Click the gear icon and select **Playbook inputs** and then **input.Id**.
1. Connect the **Resolve Alert** node to the **End** node. Your completed playbook will look more or less like the following:<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-alerts-playbook.png')} alt="Completed alert playbook" style={{border: '1px solid gray'}} width="700" />
266
275
1. At the bottom of the screen, click the **Publish** (clipboard) icon next to the **Edit** (pencil) icon to publish your playbook.
267
276
268
-
Now that you have created a playbook for alerts, follow the directions in [Add an automated playbook to a monitor](/docs/alerts/monitors/use-playbooks-with-monitors/#add-an-automated-playbook-to-a-monitor). Add the playbook to a monitor for AWS EC2 instances.
277
+
Congratulations. You have now created a playbook for alerting.
278
+
279
+
Now that you have created a playbook for alerting, follow the directions in [Add an automated playbook to a monitor](/docs/alerts/monitors/use-playbooks-with-monitors/#add-an-automated-playbook-to-a-monitor) to add the playbook to a monitor for your AWS EC2 instances. When the alert triggers, it will run the playbook.
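Review bot: the replacement line `***Integration**.**Sumo Logic Log Analytics**` is still mis-marked-up: it lacks the space after the period that the neighbouring `***Type**. **Notification**` has, and the five bullets mix ":" (**Name**, **Alert ID**) and "." (**Type**, **Integration**) as the separator while **Action** has none at all. Suggest one form for all of them, e.g. `* **Integration**: **Sumo Logic Log Analytics**`. While here, the unchanged context line "Choose the **Action** node tpe." has a typo for "type", and the new closing lines say "created a playbook for alerting" twice in a row ("Congratulations. You have now created..." followed by "Now that you have created..."); dropping the repetition from one of them would tighten the ending.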