Maintaining Runbook definitions for your incident response is crucial. We developed a Runbook Audit Log endpoint so you can check on changes or programmatically set checks to see if an important Runbook is edited. Allowing you to go back and fix unwanted changes or store history for change management purposes.
Once this endpoint is enabled for your organization, we then begin storing Runbook Audit Logs from the date it is turned on.
To get started you will first need to set up a bot user to be able to access this endpoint. This endpoint is only accessible to your specific organization via the use of a bot user. To learn more about setting up a bot user, click here.
If you would like to further reference our API docs for this endpoint, please visit our developer documentation here.
This Runbook endpoint includes information about the creation, update, and deletion of a Runbook or a Runbook Step. It does not currently include details pertaining to changes to rules or conditions of the step.
With the example payload below, changes to the Runbook would show under audited changes. Referencing the example payload below, “id” & “action” can help determine if a specific Runbook was created, updated, or deleted. Additionally, we provide other key identifiers on who has changed or created this Runbook to tracking purposes via the field [‘user_id’].
Over time, this information can be queried to look back and change Runbooks to their previous states.
"name": "Assign A Role",
"label": "Incident Opener",
This endpoint can help organizations protect Runbook stages and enforce secure and consistent incident management policies.. Here are a few suggestions of how to incorporate this endpoint into your organization's processes:
1.) Revert changes: Query this endpoint specifically on a Runbook to see past changes. Past information on changes can be used to re-inject back into a Runbook if you would like to go back to a previous state if the new change is no longer unwanted.
2.) Alert on changes: Set up a recurring webhook to send a GET to the /runbookaudit endpoint for new changes across your Runbooks. A middleware can be established to check for the most recent change via the timestamp on the Runbook change. From here, you can customize how to alert on changes based on your organization's needs.