+2Its possible to run a playbook only in alerts?
Im trying to make a playbook run for specific alerts but, in alert & iocs im not founded the playbook execution for specific alert.
the reason of this is the delay from alert and opening a case on SOAR. im get a big difference between start time from alert to a create a case (2h~)
+11Alerts need to be ingested into the SOAR via the Chronicle connector prior to playbook execution. Can you provide further details on the alerts that are being delayed - rule types, run freq, etc.? Please also check - https://docs.cloud.google.com/chronicle/docs/detection/detection-delays.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.