Playbooks
Playbooks are the structured assessment templates of InfraScout. A playbook is a markdown document that describes a specific type of infrastructure review — what to check, in what order, and what findings to save. InfraScout serves playbooks as MCP resources so Claude can retrieve them and follow them step by step. The result is a consistent, repeatable assessment process that doesn't depend on prompting skill.
Built-In Playbooks
InfraScout ships six built-in playbooks covering the most common assessment scenarios. Each playbook targets a distinct domain and provides Claude with the scope, checks, and Insight criteria it needs to complete the review without additional guidance from you.
| Playbook | What it assesses |
|---|---|
| AD Assessment | Active Directory health: users, groups, GPOs, domain controllers, replication, and privilege hygiene |
| Azure Tier Audit | Azure subscription structure, resource governance, RBAC assignments, and cost exposure |
| Exchange Assessment | Exchange Online and on-premises configuration, mail flow rules, connector security, and recipient policies |
| Infrastructure Review | General server health across Windows and Linux: services, disk, patching, and configuration baselines |
| PKI Assessment | Certificate authority health, certificate expiry, chain validity, and revocation infrastructure |
| Security Review | Broad security posture review: account hygiene, MFA, Conditional Access, Defender status, and patch levels |
To use a built-in playbook, ask Claude which one you want and name the target:
"Get the Security Review playbook and follow it against dc01."
Claude calls playbook_get to retrieve the content, then works through it against the specified agent.
Using a Playbook
You can browse available playbooks at any time by asking Claude to list them. Claude calls playbook_list and returns the names and descriptions of all published playbooks — both built-in and any custom ones your team has created. To start a playbook-driven assessment, work through the following sequence:
- Tell Claude which playbook to use and which agent or agent group to target.
- Claude retrieves the playbook with
playbook_getand reads the instructions. - Claude opens a session with
session_startand works through the playbook checks in order. - Findings are saved as Insights as Claude progresses through each section.
- Claude calls
session_submitwhen the playbook is complete.
You don't need to manage these steps yourself. Once you've named the playbook and the target, Claude handles the rest and keeps you informed as it works.
TIP
If you're not sure which playbook to use, ask Claude: "List the available InfraScout playbooks." Claude will describe each one so you can choose the right fit for your assessment goal.
Authoring Your Own Playbooks
You can write custom playbooks tailored to your environment. A playbook is a markdown document structured as sections and steps — each section describes a category of checks, each step describes what to investigate and what Insight to save if an issue is found.
Playbooks are managed in the dashboard under Settings → Playbooks. Create a new playbook, give it a name and description, and write the content in the editor. Save it as a draft first and publish it when it's ready for use.
TIP
Start with a built-in playbook as a model for your own. Retrieve one in Claude with playbook_get, study its structure, and adapt it for your environment. Built-in playbooks show how to organize check categories, phrase step instructions, and define Insight criteria.
Playbook Lifecycle
Every playbook has a status that controls its availability to Claude. A draft playbook is a work in progress and is not yet available for assessments — Claude will not return it in playbook_list results. A published playbook is active and available to Claude; it appears in playbook_list and can be retrieved and followed in any assessment session. An archived playbook is no longer in active use but is preserved so that historical sessions that referenced it remain traceable.
To move a playbook from draft to production, go to Settings → Playbooks, open the playbook, and click Publish. You can archive a published playbook from the same screen when it's no longer needed.
Reusable Modules
If you have checks that appear across multiple playbooks — for example, a standard set of Windows baseline checks or a recurring Entra ID hygiene section — you can extract them into a playbook module. Modules are stored separately from playbooks and referenced by name within the playbook content.
When Claude retrieves a playbook that includes modules, it calls playbook_module_get for each referenced module and incorporates the content before starting the assessment. This keeps your playbooks concise and ensures that any update to a shared module propagates automatically to every playbook that uses it, without manual copy-and-paste.
Related
- Running Assessments — how Claude drives a session from start to submission
- Insights — how findings are structured, tracked, and resolved