Runbook Nodes

Runbook nodes are the individual logical components, or automated actions, that make up runbooks. Runbook nodes are assembled in sequence to define an automated investigation and generate output to inform your investigation of an incident in response to a trigger. Each runbook node has a set of properties that control its behavior in a runbook, and these properties can be configured separately for each instance of the node that is used.

Runbook nodes are accessed in a palette in the Runbook Editor, where they are organized into categories. The palette lists the runbook node categories in approximate order of how they should be assembled in sequence (first a trigger, then a data query, then a logic operation, then an impact or a visualization), but this is broadly advisory, and a complex runbook may have nodes from different categories arranged in myriad ways.

Triggers

• Interface Issue

• Device Issue

• Application Issue

Data Queries

• Applications

• Devices

• Devices [CPU Utilization]

• Devices [Memory Utilization]

• Devices [Disk Utilization]

• Devices [Availability]

• Network Device [Configuration Changes]

• Hosts

• Client Hosts

• Server Hosts

• Client-Server Pairs

• Locations

• Network Interfaces

• Network Interfaces (Error Metrics)

• Protocols

• DSCPs

• Client-Server Location Pairs

• Client-Server Pairs and Protoport

• Azure Monitor

Function

• Aggregator

Logic

• Decision Branch

Impacts

• Set Incident Priority

• Tag As Affected Applications

• Tag As Affected Locations

• Tag As Affected Users

Visualizations

• Table

• Pie Chart

• Bar Chart

• Time Series Chart

• Cards

• Gauges

• Connection Graph

Miscellaneous

• Comment

Test

• Test