Anyone knows what the exact behavior of "Playbook priority" is or how it is used? Cannot find too much on it in the manual.
Page 1 / 1
Since you should have up to a single automated playbook attached to an alert (during ingestion - After ingestion you can attach more) and more than one playbook might match trigger criteria, there should be a way to tell the system which one should be attached. Thats the priority
Thank you!
we have a 5.5.3 instance with some Prio 1 playbooks having very specific triggers, and a Prio 2 playbook having a rather "catch-all" trigger.
On 5.6, only the correct specific playbook has been attached if a trigger matched, and the Prio 2 playbook has been attached if none of the Prio 1 playbook triggers matched.
On 5.5.4, however, this did not work, instead both the Prio1 and the Prio2 playbook were automatically attached.
Can this be a bug, or was the behaviour changed beginning with 5.6?
I think its best you consult our support.
However, as far as I know, the original maximum amount of playbooks to be attached automatically (at alert ingestion) for alert was originally 3 alerts and only quite recently reduced to 1, shortly after the introduction of playbook blocks. Can't say for sure on exactly which version though...
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.