Key Terms and Concepts

swimlane turbine uses a variety of terms throughout this documentation and the platform itself the table below contains high level definitions of some of the key terms and concepts you will encounter using turbine term definition administrator an account created to enable access to the turbine ui or api the administrator role in turbine has access to all tenants, roles, groups, permissions, applications, reports, records, etc the administrator role and permissions can be narrowed to meet business needs agents agents perform actions from playbooks, and then send those results back to the turbine engine agents wait to accept jobs to execute actions from turbine but will not initiate actions themselves to simplify network configuration applet a preconfigured set of fields and layout specifications for turbine applets are appended to an existing application form layout and are designed to allow users to easily update and expand their existing applications applet builder a form layout in turbine for configuring applets application a user defined template for collecting, storing, and organizing your data all automated activities and decisions are driven by how your application stores data you also manage workflow from within applications application builder a form layout in turbine for configuring applications assets reusable, structured, and vendor specific collections of data that contribute to the success of turbine actions assets allow users to create a reusable set of values that can be applied to actions as inputs in playbooks assets can be for a specific connector, or created as a custom asset which can be applied to any action inputs assets are most useful for standardizing and securing configurations arrays an ordered collection of values of the same data type values vary based on the action connector and/or assets, and may include, but are not limited to ip addresses, file names, urls, etc card a report or html object that is associated with a dashboard you can have multiple cards on a single dashboard charts a visual, graphic representation of record and application data comparison operators compare the values on either side of the operator concatenation the ability to add context to a playbook input property condition (workflow) decision points in the business processes programmed into workflow connectors stable, reliable connections for any api in a customer's environment context variables variables that hold a variety of contextual information relating to the current playbook, its invocation parameters, and executed actions dashboard a visual display of records, reports, and charts associated with the applications in the workspace a workspace can have multiple dashboards default dashboard the dashboard available to a user upon log in the default is administrator defined dynamic value a dynamic value for string property types allows you to add context and/or repeats to a playbook property or expression endpoint detection and response (edr) case management, low code playbooks, solutions, and components that increase security operation center (soc) team efficiently at machine speed field a value, or series of values, stored in an application group a collection of defined users integration one way or bidirectional communication between two or more systems job the execution of a programmed action, including the inputs and resulting outputs from that action a job is to an action what a playbook run is to a playbook swimlane content turbine's integrated content distribution platform content includes solutions, components, and connectors mean time to detect (mttd) a measure of the average time it takes for an organization to detect a security breach or incident mean time to respond (mttr) the time it takes to fully resolve an incident or a security concern and restore systems orchestration security orchestration is the integration of disparate security tools and platforms to enable automated incident response playbook a playbook is a set of rules describing a series of actions to be executed and the set of triggers that should execute those actions playbook action a single task within a playbook the action includes all details necessary for the execution of the task playbook condition conditional statements coded into an action or trigger within a playbook playbook input a set of inputs to a playbook that map action properties or triggers playbook (nested) a playbook that calls another playbook as an action playbook output playbook outputs are the promoted responses and/or results from a playbook's actions playbook (parent) a playbook that calls another playbook playbook run the outcome, as well as the activity, of a single execution of a playbook pod a turbine component that hosts sensors and is capable of funneling issues detected from sensors property types data types in playbook actions string, number, integer, boolean, object, array, null, date, date & time, password, code record a single entry within an application in turbine terminology individual cases, events, alarms, alerts, etc are generalized as application records remote agents allows customers to connect internal applications and systems to turbine without the need to configure multiple vpns or complex networks report a consolidated list of records role a user defined set of user and/or group permissions sensor a conduit programmed to receive and forward event information security information and event management (siem) collects, aggregates, and then identifies, categorizing and analyzing incidents and events swimlane solution packages (ssps) use swimlane solution packages (ssps, file extension ssp) to import or export a collection of playbooks, assets, applications, etc into a swimlane turbine system trigger a rule in a playbook describing which events and under what conditions a playbook should execute user an account created to enable access to the turbine ui or api the user role differs from the administrator role in turbine and typically has limited access to administrator role functionality webhooks expand actionability by enabling products, vendors, and services to push real time communication into turbine websockets communications between swimlane turbine (rabbitmq) and the remote agents are over tls secured websockets on port 443 this streamlines the deployment of turbine and prevents the need for additional hostnames or infrastructure workflow a series of conditional decision points and resulting actions that automate the presentation of record fields and layout workflow action a single task within workflow, manually defined to respond to a conditional decision point workflow condition decision points programmed into workflow workspace a customizable area within the turbine platform where you can organize and access the turbine tools and features you use on a regular basis workspaces can include applications, dashboards, records, reports, and charts