Introduction

Users can configure multiple instances of the same integration for the same environment. This feature provides users with greater flexibility and granularity when creating and running Playbooks. For example, when building a Playbook which caters to a customer with two sites, each site using its own Active Directory, you can now configure two instances of the same integration for the same environment and choose between them within the Playbook step.

This feature is configured in the Marketplace > Integrations > Configure Screen and supported by the Choose Instance field in the Playbook step, as well as the new multi-select environment option.

Configure Screen. Let’s take a look at the Configure Screen. This screen comes with two predefined options on the left. One is called Shared instances and the other is the Default Environment (referred to as No Environment in releases prior to 5.5.0). In the screenshot below, we have defined two extra environments.

Shared Instances acts as a type of library for configured integrations that can be used for all environments that are created both now and in the future. The Shared instances repository also contains Siemplify predefined Integrations out of the box.
Any environment that you create in the Settings > Environments tab will appear in the list on the left.
You can choose to filter the display of environments and hide empty environments. Enterprise customers will primarily be working with the default environment.

Configure Instance: You add an instance by selecting an environment on the left side of the page and then clicking the plus sign on the top right. Select the Integration and then configure the parameters for the specific instance of that Integration. You must configure an instance of an Integration in order to use it in a Playbook. To reconfigure or edit this instance in the future, you can click on the Gear icon. To add two instances of the same Integration per environment, simply configure a second instance.

Select Environment. Now, let’s navigate to the Playbooks screen and take a look at the Multi-select environment option that appears when you create a new Playbook. You have two choices: one is to select All environments. This means that this Playbook will run on all current environments defined in the system as well as all environments that will be added in the future.
The second option is to select one or more environments for the Playbook to run on.

Note that selecting multiple or all environments will affect the type of Instance you can configure for the Playbook steps. Let’s delve deeper into this.

Configure Instance. Now we will navigate to a Playbook step that contains an Integration. What will appear in the Configure Instance field depends both on what Instances you created and also on what environments you chose when creating the Playbook.
If you chose All Environments or several environments, the first option in Configure Instance is “Dynamic Mode”.
Dynamic Mode: Dynamic mode means that when the Playbook is attached to a case, Siemplify will try to access the instance of the integration configured for the case environment.
Fallback Instance: This is optional. Define a Fallback instance from the Shared Instances to be used if there is no environment associated with this Integration. If there is nothing defined in the Shared Instances then you will not be able to choose anything here.
Note: If you choose dynamic mode, and there are two instances defined in the associated environment, then the Playbook will stop and wait for the analyst to provide manual input.

If you choose a single environment, then the Configure Instance will allow you to choose the Integration that you have configured for that specific Action, or the Shared Instance integration.
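A pre-deployment check for the Dynamic Mode rules above, as an added example (not Siemplify code): it models the resolution described on this page and lists the environments where a step would pause for an analyst or use the Shared Instances fallback. The inventory, instance names and function names are constructed for illustration; what happens when there is neither an instance nor a fallback is not stated on this page and is reported as undefined.

```python
from enum import Enum

class Outcome(Enum):
    RUNS = "uses the instance configured for the case environment"
    WAITS = "stops and waits for analyst input"
    FALLBACK = "uses the fallback from Shared Instances"
    UNDEFINED = "no instance and no fallback (not described on this page)"

SHARED = "Shared Instances"

def resolve_dynamic(inventory, integration, case_env, fallback=None):
    """Model Dynamic Mode for one Playbook step and one case environment."""
    shared = inventory.get(SHARED, {}).get(integration, [])
    if fallback is not None and fallback not in shared:
        # The page only allows a fallback chosen from Shared Instances.
        raise ValueError(f"{fallback!r} is not a shared instance of {integration}")
    found = inventory.get(case_env, {}).get(integration, [])
    if len(found) == 1:
        return Outcome.RUNS, found[0]
    if len(found) >= 2:
        # Page states this for two instances; more than two is assumed to behave the same.
        return Outcome.WAITS, None
    if fallback is not None:
        return Outcome.FALLBACK, fallback
    return Outcome.UNDEFINED, None

def audit_step(inventory, integration, playbook_envs, fallback=None):
    """Return {env: Outcome} for every environment that will not simply run."""
    report = {}
    for env in playbook_envs:
        outcome, _ = resolve_dynamic(inventory, integration, env, fallback)
        if outcome is not Outcome.RUNS:
            report[env] = outcome
    return report

# Constructed inventory: environment -> integration -> configured instance names.
INVENTORY = {
    SHARED: {"Alien Vault": ["AV shared"]},
    "Customer A": {"Alien Vault": ["AV Customer A"]},
    "Customer B": {"Alien Vault": ["AV B primary", "AV B secondary"]},
    "Customer C": {},
}

if __name__ == "__main__":
    envs = ["Customer A", "Customer B", "Customer C"]
    for env, outcome in audit_step(INVENTORY, "Alien Vault", envs, "AV shared").items():
        print(f"{env}: {outcome.value}")
```
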

Let’s look at a few examples of this feature.

Use Case #1 Two Instances in a Default Environment

In this scenario, I have one enterprise network separated into two sites – US and UK. For each of the sites, I want to have a separate Active Directory configuration.
Therefore, I need to configure two instances of ActiveDirectory integration for the same environment and then have the Playbook select the required one at runtime.

Install an Integration

  1. Navigate to Marketplace > Integrations.
  2. Search for the required Integration. For this example, we will be using Active Directory.
  3. Install it.

Configure an Instance

  1. In the Marketplace > Integrations, click on the Configure tab.
  2. In the Environments list on the left, click on the Environment you want to create an Instance for. For this example, we will use the Default environment.
  3. On the right of the screen, click Add Integration.
  4. Select the required Integration and click Save. In this example, we have selected Active Directory.
  5. In the Configuration screen that displays, add in all the relevant information and parameters. We will configure it for users in the US site. When finished, click Save. You can also click Test to make sure that the configuration works.
  6. Now, let’s add another instance of the Active Directory. And this time we will configure it for users in the UK site. Click Save when fully configured.
  7. Note that you can make changes at a later stage if needed. Once configured, the Instances can be used in Playbooks.

Use this Instance in Playbooks

  1. Navigate to Playbooks screen and click the plus icon to add a Playbook.
  2. Make sure to select the relevant folder and for this example, to choose the Default Environment. We will talk in more detail about which Environment to choose later on in this How To guide.
  3. In the Actions, under Active_Directory, let’s choose Enrich Entities and drag it into a Step and then click on it.
  4. In the Choose Instance field, select the Instance (either UK site or US site) that this Playbook will be triggered for.

Use Case #2 Dynamic Mode in Multi Environments

In this scenario, as an MSSP, I have several different customers with each one defined in a different environment. At runtime of the Playbook, I want the Playbook to choose the environment “dynamically” based on which environment the case has come in from.

Define environments:

  1. Navigate to Settings > Organization > Environments screen.
  2. Click on the plus sign and define the required environment with the parameters.
  3. Create several new environments.

Install an Integration

  1. Navigate to Marketplace > Integrations.
  2. Search for the required Integration. For this example, we will be using Alien Vault.
  3. Install it.

Configure Instances

  1. In the Marketplace > Integrations, select each customer and click on the Configure tab.
  2. Configure each environment with the Alien Vault integration instance according to the needs of each customer.

Set up Playbooks

  1. Navigate to Playbooks tab.
  2. Create a Playbook making sure to select the environments you created and configured above.
  3. When using the Alien Vault ping action, select Dynamic Mode. This ensures that Siemplify will check which environment the case comes from at run time and apply that specific instance to it.
