Hi community friends,
I am wondering if I could have multiple triggers yet interrelated in a SOAR playbook. Just to give an example, say I want to check for all emails for potential phishing attempt but only those which are smtp-inbound. Now these two are in different UDMs. one is product type - Email and other one is principal application which is smtp-inbound. How do I achieve this?
Hey
“Custom Trigger” allows you to build triggers and reference different fields.
You will need to find the correct placeholder that corresponds to the key against which you want to make the trigger work.
You can use a trigger with multiple conditions with an and between them. You could also build that logic into the detection rule itself.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.