The playbook has a number of components, including rules, workflows, Python scripts, custom fields, data tables and message destinations.
An extension can provide one or more components to address a specific circumstance. For example, IBM Resilient provides a Python script that parses incoming email messages, such as from a phishing email service. You deploy the script to your Resilient platform and customize it for your environment.
Learn about Email
Functions typically contain multiple playbook components that address a specific integration or type of event.
For example, the LDAP Utilities function package contains multiple functions, each with example rules and workflows. Together, they initiate LDAP tasks from the Resilient platform to an external LDAP server and use the returned results to update incidents, artifacts, data tables and so on.
Learn about Functions