SOC Automated Playbooks for Security Events

https://flexibleir.com

Flexible IR playbooks are process-oriented, describing which tasks to do. Each task becomes a card on the Kanban boards and can be analysed granularly. Each task has an owner, average time consumed, flags such as mandatory or optional, compliance mappings, checklists, comments and subtasks. Playbooks are process-focused and do NOT show logic – that's where workflows come into play.

The primary focus is for expert analysts to create playbooks within minutes and with minimal ramp-up. Simple productivity tools like Trello boards and Excel are used. The playbook is also designed to be easy for a human to read.

Splunk

https://www.splunk.com/en_us/software/splunk-security-orchestration-and-automation/features.html

The Phantom Visual Playbook Editor (VPE) allows both developers and non-developers to construct and customize complex Phantom Playbooks with drag-and-drop ease.
