Hi everyone,
I've created an SLA playbook that alerts analysts when a critical SLA threshold is reached, along with dedicated playbooks for specific types of alerts. The SLA playbook is configured to attach to all alerts, while the dedicated playbooks are meant to trigger based on specific alert types. However, I'm noticing that the SLA playbook is being attached to alerts instead of the appropriate dedicated playbooks. Does anyone know why this might be happening?
Hi @Akshay04,
IIRC only a single playbook can be attached to an alert automatically. You likely have a higher priority for the SLA playbook as you mentioned that you configured it to attach to all alerts - this is the only one that will ever be attached. As a workaround, you can have a conditional within your SLA playbook and programmatically attach additional playbooks to the case as per your requirements using the SOAR action.
Alternatively, you can have the SLA component configured as a Block and attach the blocks to the relevant playbooks - this is what we've done internally.
Can you share your SLA playbook flow with me? I had added "Delay playbook" as a step, which is not at all reliable for adding it as a block in other playbooks.
Playbook Flow
Trigger Node (Yellow - All Cases)
Purpose: This node initiates the playbook for all incoming cases (except the alerts which already have playbooks).
Trigger: Automatically runs when a new case is opened.
Step 1: Tools_Get Case SLA
Function: Retrieves SLA and critical SLA values associated with the case.
Output: Provides SLA timestamps in multiple formats.
Step 2: Tools_Get Current DateTime
Function: Captures the current system time when the playbook is triggered.
Step 3: Functions_Time Difference
Function: Calculates the time difference between the current time and the SLA deadline.
Use Case: Determines how much time is left before SLA breach.
Step 4: Tools_Delay Playbook
Function: Delays the next steps in the playbook execution until the SLA threshold (e.g., 10 minutes before breach).
Purpose: Prevents early alerting; ensures timely action.
Step 5: Slack_Send Advanced Message
Function: Sends an advanced formatted message to a predefined Slack channel.
You could do something like:
- Create a block for SLA retrieval - Steps 1-3
- Move Steps 4-5 into the individual playbooks (Moves delay out of the blocks)
In the SLA that we use, we have a similar flow but also have steps for setting longer SLAs based on the day of the week and assigning it to specific teams. We also have the Delay component at the end of the playbook with send message to ensure that we don't disrupt the rest of the playbook's functionality.
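The timing logic behind Steps 1-4 of the flow above, written out as an added example (not code from any poster in this thread or from the SOAR product): it shows how the delay is derived and what to do when the playbook starts inside the alert window or after the breach, so the delay step never receives a negative value. The function names, state labels and accepted timestamp formats are assumptions; only the standard library is used.

```python
from datetime import datetime, timedelta, timezone

# "10 minutes before breach" is the example threshold from the thread.
ALERT_LEAD = timedelta(minutes=10)


def parse_sla(value):
    """Return an aware UTC datetime from epoch milliseconds or an ISO 8601 string.

    Assumption: these are two of the "multiple formats" the SLA step returns.
    """
    if isinstance(value, (int, float)) or str(value).isdigit():
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
    dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    # Assumption: a timestamp without an offset is already UTC.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def plan_sla_alert(sla_deadline, now, lead=ALERT_LEAD):
    """Decide what the delay step should do.

    Returns (state, delay_seconds):
      "wait"      -> delay this long, then send the message
      "alert_now" -> already inside the lead window, send immediately
      "breached"  -> deadline has passed, send immediately as a breach
    """
    remaining = parse_sla(sla_deadline) - now
    if remaining <= timedelta(0):
        return "breached", 0
    if remaining <= lead:
        return "alert_now", 0
    return "wait", int((remaining - lead).total_seconds())


if __name__ == "__main__":
    # Constructed sample values, not taken from a real case.
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    soon_ms = int(datetime(2024, 5, 1, 12, 5, tzinfo=timezone.utc).timestamp() * 1000)
    for deadline in ("2024-05-01T13:00:00Z", soon_ms, "2024-05-01T11:00:00"):
        print(deadline, plan_sla_alert(deadline, now))
```

Keeping this calculation in the shared block and the delay itself in each playbook matches the split suggested above.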