On-Demand Runbooks

An on-demand runbook An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook. enables you to execute a runbook manually and immediately. See runbook definition. This is distinct from incident A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself. runbooks and lifecycle runbooks that execute in response to specific events.

On-demand runbooks are useful for cases such as:

• Discovery: List everything known about an entity Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations. from various products (Riverbed and third-party).

• Experimentation/testing: Test a runbook being defined for remediation to validate it before automating it.

• Routine IT troubleshooting: The IT desk received a report of an issue at a specific time; execute a runbook for the reporting user, location An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored., or application at that time.

• Verification: An incident occurred yesterday and is now fixed. Execute a runbook to validate the fix and ensure that everything is back to normal.

• Change validation: A network configuration was performed; verify that everything is still up and running, based on a checklist of items to validate.

• Integration: Integrate Shared Access Signature. A secure way to grant limited access to Azure storage resources without sharing storage account keys. A SAS token contains permissions and an expiration time. with a third party vendor and send it specific network data collected from Riverbed products.

On-demand runbooks are listed on their own On-Demand Runbooks page, separate from other runbook types.

Create an on-demand runbook by clicking New on the On-demand Runbooks page to open the Runbook Editor. The new runbook is started on the canvas with an Input node added by default.

On-demand runbook definitions are similar to other runbook types, with these exceptions:

• An on-demand Runbook starts with an Input node, not a Trigger A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device. node. The Input node requires you to explicitly supply the details that give the on-demand runbook the context it needs to be able to execute, information that an incident Runbook acquires implicitly from its Trigger node. (This also means that Decision nodes Individual components that make up a runbook automation, each performing a specific function such as data queries, transformations, logic, integrations, or visualizations. used in on-demand runbooks do not have a Trigger category.) On-demand runbooks can use any of the following entity Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations. types as inputs:

  • None (Execute the runbook on all the data without specifying any input.)

  • Application An entity type representing software applications deployed in the customer environment that are monitored for performance and anomalies.

  • Client

  • Client Location An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored.

  • Device An entity type representing network devices or hardware components deployed in the customer environment that are monitored for performance and anomalies.

  • Host

  • Interface An entity type representing network interfaces on devices that are monitored for performance metrics and anomalies.

  • Location

  • Server

  • Server Location

  • User Devices An entity type representing network devices or hardware components deployed in the customer environment that are monitored for performance and anomalies.

• Since on-demand runbooks are executed manually at your initiation, they are not managed as automations Automated procedures that are executed as the result of a trigger. Automations consist of a single entry point and a sequence of connected nodes that define the processing logic. like triggered A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device. runbooks (incident, lifecycle, and external) are.

• On-demand runbooks do not use/support Impact Statements.

• On-demand runbooks do not use/support incident variables.

When you create an on-demand runbook that specifies an entity type, you will be prompted to provide that entity at execution, and that entity then can be used to filter all the data queries within the runbook. For example, for an application input, you will be prompted to provide an application; if you then specify that you want to execute for the Exchange application, you can define the runbook such that all the runbook's Data Query nodes use Exchange as a filter in order to furnish additional information about Exchange.

Once the on-demand runbook has executed, its output A document containing data sets generated by the execution of a runbook, including output of queries and reports from point products, as well as output of analysis or other runbook nodes. is listed on the Runbook Analyses page.