If you are a Bolster Platform user, then you know how powerful it is to have clearly-defined and repeatable processes. Great processes empower the security team to work together effortlessly and easily identify infringements to your brand in real time. But truly effective process are hard to come by, currently it requires some manual effort and Bolster Platform is not integrating within your existing workflow.  

To solve these challenges, we’re excited to announce Playbook - a powerful new feature built to automatically deliver your data where and when you like.

Setting up your first Playbook

The playbook feature can be accessed via the Bolster platform or directly: https://platform.bolster.ai/playbook/playbooks

The easiest way to get started is to select from one of the pre-bundled templates. If you select one of these available templates, steps 1 and 2 will be pre-filled for you. You still may want to select the desired file format in step 1.

If you decide to create your playbook from scratch, take the following steps to create a playbook.

  1. Define output
  2. Define query
  3. Define connector
  4. Choose a schedule

In the following example, let’s create a Playbook that outputs all the phish sites with your brand logo in the last 7 days.

1. Define output

  • Write a Playbook name.
  • Choose any of the attributes from the dropdown list.
  • Choose the output format (JSON or CSV) of your Playbook.

2. Define query

  • Add a filter Original Disposition - is - Phish
  • Add a filter First seen - the last - 7 days
  • Add a filter Logo Detected - is - true

3. Define connector

  • Choose where you want to deliver playbook data. Email is the default connector. (For more on connectors, see the connector section below)
  • You can enter multiple emails separated by a comma.

4. Choose a schedule

  • Choose Playbook start date.
  • Select schedule time, timezone and the frequency of the schedule.


The Playbook connectors let you deliver the playbook data to any destination system of your choice, there are 3 types of connectors you can define.

  • Email (Default)
  • Slack (You may also send Playbook data to Slack as a message, step-by-step instructions)
  • API (The playbooks API connector can be used for a wide range of integrations, see the Playbooks API connector doc for more details)

Run a Playbook

After successfully setting up your Playbook, it will run on the chosen schedule. Please note that playbooks only run when the specified query has at-least one result. You can find out whether a Playbook has queried any result by the count under # from the last run column.

You can also manually run specific Playbook by clicking Run Now option.

Congratulations! Now that you know how to use Playbook, go ahead and create your first Playbook.