
Hi,

I have a use case where there are multiple instances of the same integration in my environment, let's say for example, some firewalls (same technology) each with its configuration and API endpoint.

Given an alert, I want to execute an action on a specific firewall via a playbook. When I add the action to the playbook I need to select the specific instance I want the action to be executed on.

This is fine if I have few different instances, but let's say I have 10. Is there no way to dynamically select the instance for which I want the action to be executed? Do I really need to create 10 identical playbooks with only the instance parameter changing?

Thanks.

Try using dynamic mode to specify the instance - https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/specify-instance-in-dynamic-mode



Thanks, that works!

Just wondering why I am forced to select the instance if the playbook is in a single environment...
As far as I can see I cannot force the system to accept a dynamic name in that case.

Still, for my use case that works and solves the issue.
Thanks!

