Runbook Nodes
Runbook nodes are the individual logical components, or automated actions, that make up runbooks. Runbook nodes are assembled in sequence to define an automated investigation and generate output to inform your investigation of an incident in response to a trigger. Each runbook node has a set of properties that control its behavior in a runbook, and these properties can be configured separately for each instance of the node that is used.
Runbook nodes are accessed in a palette in the Runbook Editor, where they are organized into categories. The palette lists the runbook node categories in approximate order of how they should be assembled in sequence (first a trigger, then a data query, then a logic operation, then an impact or a visualization), but this is broadly advisory, and a complex runbook may have nodes from different categories arranged in myriad ways.
Runbook Node Compatibility Matrix
There are 5 types of runbooks that are displayed as columns in the compatibility matrix, plus an additional column to differentiate the case of an External runbook that is created in Aternity.
-
Incident — These are runbooks that execute automatically whenever a new incident is created.
-
Lifecycle — These are runbooks that execute automatically whenever a triggering lifecycle event occurs on an incident.
-
External — These are runbooks that are triggered in response to a configured API call.
-
Aternity ISD — These runbooks are External runbooks but the editor shows a truncated set of nodes.
-
-
On-Demand — These are runbooks that are triggered as required (either on-demand, or as scheduled).
-
Subflow — These are runbook “macros:” Chunks of reusable automations that perform frequently-used functions (e.g., open a ticket in an external system), and can also be used to implement integrations with third party systems.
The following table shows which nodes are compatible with which types of runbook.
| Node | Category | Incident | Lifecycle | External | Embedded in Aternity | On-Demand | Subflow | Node Execution Value |
|---|---|---|---|---|---|---|---|---|
| Interface | Triggering Entity | ✓ | 1 | |||||
| Device[s] | Triggering Entity | ✓ | 1 | |||||
| Application[s]/Location[s] | Triggering Entity | ✓ | 1 | |||||
| Webhook | Triggering Entity | ✓ | ✓ | 1 | ||||
| Input | Triggering Entity | ✓ | 1 | |||||
| Runbook Completed | Triggers | ✓ | 1 | |||||
| Status Changed | Triggers | ✓ | 1 | |||||
| Note Added | Triggers | ✓ | 1 | |||||
| Note Updated | Triggers | ✓ | 1 | |||||
| Indicators Updated | Triggers | ✓ | 1 | |||||
| Ongoing State Changed | Triggers | ✓ | 1 | |||||
| Subflow Input | Subflow Input | ✓ | 0 | |||||
| Subflow Output | Subflow Output | ✓ | 0 | |||||
| Applications | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Devices (Traffic) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device Status | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (CPU Utilization) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (Memory Utilization) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (Disk Utilization) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (Availability) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Devices (Performance) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (Up Time) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Device (Configuration Changes) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Hosts | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Client Hosts | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Server Hosts | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Client-Server Pairs | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Locations | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Client Locations | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Server Locations | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Network Interfaces | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Interface Status | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Network Interfaces (Error Metrics) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Interfaces (Performance) | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Protocols | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| DSCPs | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Client-Server Location Pairs | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Client-Server Pairs and Protoport | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| User Device | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| NPM+ | Data Queries | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Aggregator | Functions | ✓ | ✓ | ✓ | ✓ | ✓ | 1 | |
| Transform | Functions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 1 |
| GenAI | Functions | ✓ | ✓ | ✓ | Premium - 10 | |||
| Decision Branch | Logic | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 1 |
| Set Incident Priority | Impacts | ✓ | 1 | |||||
| Tag As Affected Applications | Impacts | ✓ | 1 | |||||
| Tag As Affected Locations | Impacts | ✓ | 1 | |||||
| Tag As Affected Users | Impacts | ✓ | 1 | |||||
| Add Insight | Impacts | ✓ | ✓ | ✓ | 1 | |||
| HTTP Request | Integrations | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 1 |
| Table | Visualizations | ✓ | ✓ | ✓ | ✓ | 0 | ||
| Pie Chart | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Bar Chart | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Timeseries Chart | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Bubble Chart | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Correlation Chart | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Cards | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Gauges | Visualizations | ✓ | ✓ | ✓ | ✓ | 1 | ||
| Connection Graph | Visualizations | ✓ | ✓ | 1 | ||||
| Text | Visualizations | ✓ | ✓ | ✓ | ✓ | 0 | ||
| Set Primitive Variable | Variables | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 1 |
| Set Structured Variable | Variables | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 1 |
| Comment | Miscellaneous | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | 0 |
| Note | Miscellaneous | ✓ | 0 | |||||
| Subflow | Subflows | ✓ | ✓ | ✓ | ✓ | ✓ |
see note below |
Note - The Subflow node execution value is determined based on the subflow type
Subflow Type Node Execution Value Customer-generated subflow count of nodes executed inside the subflow Riverbed-supplied built-in subflows count of nodes executed inside the subflow Riverbed premium subflows
(based on the specific subflow) Premium: Aternity ISD Parse 0 Premium: OTel Premium - 10