* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate)
* playbooks

# Palo Alto Networks

## playbooks

[![Playbook Creation Reimagined: The Intuitive Approach to Security Automation](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2025/05/Portrait-of-Young-Man-LI.jpg)](https://www2.paloaltonetworks.com/blog/security-operations/playbook-creation-reimagined-the-intuitive-approach-to-security-automation/)  
[Playbook Creation Reimagined: The Intuitive Approach to Security Automation
\---------------------------------------------------------------------------](https://www2.paloaltonetworks.com/blog/security-operations/playbook-creation-reimagined-the-intuitive-approach-to-security-automation/)

Continuing to innovate on our market-leading SOAR to simplify security operations, ensure ease of use in the adoption of automation.  
[Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)  
May 01, 2025  
By [Alon Yardeni](https://www.paloaltonetworks.com/blog/author/alon-yardeni/?ts=markdown "Posts by Alon Yardeni")

## Palo Alto Networks

*** ** * ** ***

[Announcements](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)

*** ** * ** ***

[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

*** ** * ** ***

[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

*** ** * ** ***

[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

*** ** * ** ***

[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

*** ** * ** ***

[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

*** ** * ** ***

![Playbook of the Week: Automate Anything with the Default Playbook](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/05/In-All-Seriousness-4.jpg)  
[Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

## [Playbook of the Week: Automate Anything with the Default Playbook](https://www2.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-automate-anything-with-the-default-playbook/)

The Default playbook is the most commonly used playbook in the Cortex Marketplace. And for good reason. It is used by most of our XSOAR customers to configure their first automatio...  
May 11, 2023  
By [Ido Van Dijk](https://www.paloaltonetworks.com/blog/author/ido-van-dijk/?ts=markdown "Posts by Ido Van Dijk")  
![An Insider’s Guide To SOAR Adoption](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/01/Man-working-1.jpg)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

## [An Insider's Guide To SOAR Adoption](https://www2.paloaltonetworks.com/blog/security-operations/an-insiders-guide-to-soar-adoption/)

Explore metrics and strategies for what a successful SOAR deployment looks like based on real customer data.  
Jan 04, 2023  
By [Josh Zelonis](https://www.paloaltonetworks.com/blog/author/josh-zelonis/?ts=markdown "Posts by Josh Zelonis")  
![It’s Here! It’s Here! Cortex XSOAR 6.2 is here!](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2021/06/Man-Pointing.jpg)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

## [It's Here! It's Here! Cortex XSOAR 6.2 is here!](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xsoar-6-2-is-here/)

Latest release of the Cortex XSOAR, a security orchestration, automation and response platform.  
Jun 08, 2021  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
[](https://www2.paloaltonetworks.com/blog/security-operations/automation-rising-2020-soar-hackathon-results/)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

## [Automation Rising 2020 SOAR Hackathon Results](https://www2.paloaltonetworks.com/blog/security-operations/automation-rising-2020-soar-hackathon-results/)

It is with great pleasure and excitement that we get to announce the final results and winners of the Automation Rising 2020 SOAR Hackathon, Palo Alto Networks' first-ever security playbook building competition...  
Nov 19, 2020  
By [Emily Violi](https://www.paloaltonetworks.com/blog/author/emily-violi/?ts=markdown "Posts by Emily Violi")  
![Introducing the Cortex XSOAR Marketplace](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/06/Hunter.png)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

## [Introducing the Cortex XSOAR Marketplace](https://www2.paloaltonetworks.com/blog/2020/08/cortex-xsoar-marketplace/)

The Cortex XSOAR Marketplace provides a common framework and community for sharing playbooks and integrations to scale up security automation.  
Aug 04, 2020  
By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?ts=markdown "Posts by Scott Simkin")  
![Block COVID-19 Phishing Emails at Machine Speed](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/05/Hunter.png)  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Block COVID-19 Phishing Emails at Machine Speed](https://www2.paloaltonetworks.com/blog/2020/07/cortex-phishing-emails/)

Learn how Cortex XSOAR automated playbooks can help your organization protect against the deluge of COVID-19 phishing emails.  
Jul 22, 2020  
By [Kamil Imtiaz](https://www.paloaltonetworks.com/blog/author/kamil-imtiaz/?ts=markdown "Posts by Kamil Imtiaz")  
![Manage a Remote SOC: Micro-Surveys for Crisis Management](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/04/pan_generic-gtm-social_cortex-350x300-1.png)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

## [Manage a Remote SOC: Micro-Surveys for Crisis Management](https://www2.paloaltonetworks.com/blog/2020/05/cortex-micro-surveys/)

Micro-surveys in Cortex XSOAR can help security analysts manage communication in a remote SOC.  
May 12, 2020  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Manage a Remote SOC: Playbooks for Monitoring Remote User Activity](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/04/pan_generic-gtm-social_cortex-350x300-1.png)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

## [Manage a Remote SOC: Playbooks for Monitoring Remote User Activity](https://www2.paloaltonetworks.com/blog/2020/04/cortex-monitoring-remote-user-activity/)

The ability to monitor remote user activity is becoming more important than ever as many SOCs work to secure remote end users.  
Apr 27, 2020  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Manage A Remote SOC: Shift Management Tips](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/04/pan_generic-gtm-social_cortex-350x300-1.png)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

## [Manage A Remote SOC: Shift Management Tips](https://www2.paloaltonetworks.com/blog/2020/04/cortex-shift-management/)

Learn how you can use the shift management feature of Cortex XSOAR to maintain visibility into team availability while managing a remote SOC.  
Apr 17, 2020  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Automating Threat Hunting](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/31582244_m.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automating Threat Hunting](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-threat-hunting/)

Security teams are often too focused with fighting daily incident response fires to devote time to proactive and scheduled threat hunting operations and catch incipient threats bef...  
Nov 13, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Automating VPN Checks](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Security-Orchestration.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automating VPN Checks](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-vpn-checks/)

In the global age of today's business, it's tough to spot a malicious VPN access attempt from a genuine case of employee travel and access from another country. Moreover, with increased cloud adoption, there ar...  
Oct 18, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Automating Malware Analysis](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/54979667_m-1.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automating Malware Analysis](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-malware-analysis/)

Detonating suspicious files in sandboxes for malware analysis is an ever-present and important investigative step during incident response. As malware analysis tools are isolated f...  
Oct 15, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh") ![Security Orchestration Use Case: Automating IOC Enrichment](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/54979667_m-1.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automating IOC Enrichment](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-ioc-enrichment/)

Enrichment of indicators is one of the first tasks security teams perform during incident response. The challenges here are twofold. Firstly, the process of indicator enrichment is...  
Oct 09, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Automating Vulnerability Management](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/54979667_m.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automating Vulnerability Management](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-vulnerability-management/)

Vulnerability management is a strategically important process that covers both proactive and reactive aspects of security operations. Since vulnerability management encompasses all...  
Sep 27, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Responding to Phishing Attacks](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/54979667_m-1.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Responding to Phishing Attacks](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-phishing-enrichment-and-response/)

Phishing emails are one of the most frequent, easily executable, and harmful security attacks that organizations -- regardless of size -- face today. With over 90% of all data breach...  
Sep 13, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
![Security Orchestration Use Case: Automate Incident Severity Assignment](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2020/07/31582244_m.jpg)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

## [Security Orchestration Use Case: Automate Incident Severity Assignment](https://www2.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automate-incident-severity-assignment/)

Security teams are beset with alerts on the best of days. This simple truth stems from two issues melding together:  
Jun 05, 2018  
By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
Load more blogs

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language