Debug playbooks in Splunk SOAR (Cloud)

If you're having problems with your playbook and need to troubleshoot issues, run your playbook using the debugger.

To run your playbook using the debugger, the playbook must meet the following conditions:

  • The playbook must be saved. You cannot debug playbooks in edit mode.
  • The playbook cannot be marked active.
  • The playbook must have an event to run against. If there are dependencies on any artifacts as part of the event, the artifacts must also be present and must not have been previously used by this same version of the playbook.

You can access the playbook debugger using one of the following methods:

To run the debugger for a specific container, finding, or investigation, follow these steps:

Note: If your Splunk SOAR instance is paired with your Splunk Enterprise Security instance, you can debug based on findings and investigations.
You must be logged in to Splunk Enterprise Security while debugging based on findings and investigations.
  1. Locate the ID for the container, finding, or investigation. Find the ID in the following locations:
     | ID type       | Playbook type                              | Location                                                                            |
     |---------------|--------------------------------------------|-------------------------------------------------------------------------------------|
     | Container     | Automation/SOAR, Input, Enterprise Security | In the SOAR Sources page, in the ID column                                          |
     | Finding       | Enterprise Security                        | In the Enterprise Security Analyst queue, in the details panel, next to Reference ID. |
     | Investigation | Enterprise Security                        | In the Enterprise Security Analyst queue                                            |
  2. Copy the ID.
  3. Select whether you want to run the debugger as the current user or as the selected automation user.
  4. Select Test.

Each line in the debug content starts with a date and time stamp. Log entries show which action is running. The parameters sent, such as inputs from earlier blocks or playbooks, the messages received, and the outputs of each block are logged. The API call to on_finish represents a call to the End block. The playbook completes by logging a SUCCESS or FAILURE status.