A trigger is defined at the start of building a playbook. It specifies the condition an ingested alert must meet for the playbook to run. To add a trigger to a playbook, drag one of the available triggers into the yellow Drag Trigger box in the middle pane.
After you drop the trigger, its name and icon appear in the Drag Trigger box.
The following triggers are currently supported:
- Alert Trigger Value
- Alert Type
- Tag Name
- Product Name
- Network Name
- Custom List
- Custom Trigger
- All: the playbook runs on every alert ingested into the Siemplify platform.
To add a trigger (this example uses Alert Type):
- Click Alert Type and drag it into the trigger box.
- Click the trigger to open the Description popup window.
- Under Parameters, click the equals sign and select Equals, Contains or Starts With from the operator menu. Contains matches any alert type that includes the chosen text, so prefer Equals when the playbook should run for exactly one alert type.
- Select the required value from the drop-down menu. In this example, the trigger matches any alert whose Alert Type contains Suspected Malware Communication.
Note that once you specify the trigger parameter and save it, the parameter name appears as the title of the Drag Trigger box and cannot be edited.
- Click Save. The trigger parameter is saved and you return to the playbook page, where you can define the next set of components (actions and/or flow) for the playbook.