Skip to content
English
Sign in
Contact us
  • There are no suggestions because the search field is empty.

Creating and managing branching playbooks in Cydarm with CACAO

In this article, we will explain how to create and utilize complex workflows with branching CACAO playbooks in your Cydarm instance, including how to upload existing playbooks in JSON format and create new ones using the Roaster integration.

Overview

Create more complex workflows with a branching CACAO playbook. CACAO playbooks can be useful for managing scenarios where there may be different workflows required depending on what is discovered along the course of the investigation.
 
You can use CACAO playbooks in your Cydarm instance by uploading already-created playbooks in a JSON format via our Playbooks screen, or by creating a new one using our Roaster integration.
 
To create and edit a CACAO playbook, you must be in the user and playbook editor ACL groups.
 

Creating a CACAO playbook with Roaster

Cydarm includes a Roaster integration in every stack. Roaster is an open source visual editor for CACAO playbooks, and is the easiest way to get started with this workflow. 
 
To start, go to the Playbooks screen and click Create new branching (CACAO) playbook. This will open the Roaster editor.
 
❗️Note that drafts of playbooks do not save automatically. Remember to click Save draft to save your progress as you edit your playbook
 

Naming the playbook 

By default, new playbooks are created with the name Playbook Name. To change this, click on Metadata in the top toolbar, and edit the Name field. You can also add an optional description. 
 

Errors 

CACAO playbooks must be valid in order to be published correctly. Errors are displayed in the bottom left corner as you edit. Clicking on this warning will show more details about what is required to validate the playbook. 
 
For a more detailed list of requirements to validate a CACAO playbook for publication, see the CACAO spec.
 

Drafts

You can store drafts as you edit a playbook. Playbooks that are draft only (i.e. have never been published) are shown by the Draft label in the playbook list. These playbooks won’t be previewed, but instead will display an Edit in Roaster button. Playbooks can be visually displayed within Roaster.
 
Updated drafts of already published CACAO playbooks can also be stored. When clicking on the playbook in the playbook list, the visual preview will always show the active published version. If there is a more recent draft than the active published version, a Draft in progress label will appear in the top right within the playbook view. Opening the Roaster editor will open this latest draft. 
 
Only one draft of a playbook can be stored. It is not possible to store multiple drafts of the same playbook. If this is required, we recommend using Roaster’s Export to file feature to save draft copies offline.