
I'm working on an automation use case in Chronicle SOAR where we need to execute multiple actions on a scheduled basis—without creating any cases or using playbooks. The goal is to have a single job that:

  1. Runs daily on a schedule.
  2. Executes an action (Athena action) and waits for it to finish.
  3. Executes two more actions sequentially, ensuring each one completes before moving to the next.

Does anyone know if Chronicle SOAR jobs can directly execute actions, or if we’d need to rely on API-based execution like this? Are there any better ways to handle scheduled automation outside of playbooks?

Thanks in advance!

Actions, in the strict sense of integration actions, run in the context of a case/alert. So calling or executing actions from within a job is not possible, as the action needs an alert/case context to run on. You can, however, use pieces of the logic in the different actions within your Jobs. Most integrations will have a manager that aggregates all the external API requests to any given system - you can re-use those from within a job, but you are limited to the managers and code of the same integration - e.g. you cannot use the email manager from a job in your EDR integration.

What is the reasoning for not wanting a case-playbook involved?

