Skip to main content
Playbooks are automated or semi-automated workflows that define how cases should be handled in Guardian Ops. They allow you to orchestrate complex case management processes, from simple notifications to sophisticated multi-step workflows involving delays, conditional logic, API integrations, and automatic resolution.

Overview

Playbooks operate on cases and provide workflow automation for your abuse management processes. Each playbook is attached to a case group, and cases flowing into that group are automatically processed according to the playbook’s configuration.

Prerequisites

Before you can use playbooks, you must have:
  1. Case groups configured in your inbound processing flow
  2. Events flowing to case groups - Verify your inbound processing routes events to case groups
  3. API endpoints (optional) - If using API Caller nodes, ensure your APIs are accessible
  4. An SMTP Server configured in order to send mail notifications. (Coming soon..)
Playbooks only execute when attached to a case group. Without case groups configured in inbound processing, playbooks will not process any cases.

Playbook Versions

Unlike inbound processing (which only allows one active flow at a time), playbooks support multiple versions:
  • Multiple playbooks can exist simultaneously
  • Each playbook can have multiple versions
  • One version per playbook can be live/active at a time
  • You can maintain different playbooks for different case groups

Available Nodes

The following nodes are available for building your playbook workflows:
  • Delay - Add time delays in case processing
  • Wait Until - Wait for conditions to be met or timeout
  • API Caller - Make HTTP requests to external systems
  • True/False - Conditional logic branching
  • Manual - Human decision points requiring agent intervention
  • Email Notification - Send templated email notifications (coming soon)
  • Trigger - External trigger points for workflows (coming soon)
  • Resolve Case - Mark cases as resolved
For detailed information about each node, see the Node Reference.
Playbook Nodes

Creating and Managing Playbooks

Creating a New Playbook

  1. Navigate to Playbooks settings in Guardian Ops
  2. Click New Playbook
  3. Provide a descriptive name (e.g., “Copyright Cases”, “Spam Handling”)
  4. In the prompt, provide a version name (e.g., “Version 1”, “Initial Release”)
  5. Click Create
Your new playbook is created in draft state with an initial version.

Building Your Playbook Flow

  1. Click Edit on your playbook version
  2. Drag and drop nodes from the left panel into free slots in the flow
  3. Click each node to configure its settings
  4. Add conditional logic using True/False nodes
  5. Include delays or waiting conditions as needed
  6. Click Done editing when finished
Playbook visual editor interface

Playbook Editor: Drag-and-drop interface for building case workflows.

Managing Versions

Each playbook can have multiple versions, allowing you to iterate on your workflows: Creating a New Version:
  1. Select your playbook from the list
  2. Click New Version
  3. Provide a version name
  4. Build or modify the workflow
  5. Activate when ready
Activating a Version:
  1. Select the version you want to activate
  2. Click Activate
  3. The version becomes live and processes new cases
  4. Previous version remains available for reference or rollback. All remaining cases will finish processing in the previous version.
See Flow States for detailed information about activation.

Attaching Playbooks to Case Groups

Playbooks must be attached to case groups to execute. This is done in your inbound processing configuration.

Steps to Attach

  1. Navigate to Inbound Processing settings
  2. Open the flow configuration that contains your case group
  3. Click on the Case Group Node you want to configure
  4. In the node settings, select your playbook from the dropdown
  5. Click Save
  6. Click Done editing
  7. Activate the inbound processing flow
Case group with playbook assignment

Playbook Assignment: Attach playbooks to case groups in inbound processing.

Once attached, all new cases flowing into that case group will be processed by the assigned playbook.

Flow States

Playbooks use the same flow states as inbound processing. Each playbook can have multiple versions, with one version active per playbook at a time.

Troubleshooting

Playbook Not Executing:
  • Verify the playbook is activated
  • Check that the playbook is attached to a case group
  • Ensure events are reaching the case group in inbound processing
  • Check if cases of the releated case group are created
  • Review the case group configuration in inbound processing
API Calls Failing:
  • Check JSON view of playbook tab in the case (coming soon: failures shown in case history)
  • Check API endpoint URLs and authentication
  • Verify payload mapping is correct
  • Review API response in case playbook execution details
  • Review the playbook history in case details
  • Ensure your firewall allows incoming requests from Abusix
⚠️ If your API is behind a firewall, ensure the following IPs are in your welcome lists and not blocked by any firewall: 18.193.183.51 | 52.57.46.129 | 18.158.191.233