Hi, is there a way to schedule playbooks and have them run automatically?
Schedule playbooks
+7
Yeah
@nik_k
, best way is to use the custom integration to create a case and attach the playbook you want to schedule periodically to it.
@Louis_Mesmin
, i don't think you can schedule the Playbook with a job.
Best solution will be a scheduling module added to the platform which will be very beneficial. The first SOAR I worked with has this functionality of scheduling playbooks to run based on cron job schedule and the playbook name to be executed.
+14- Silver 4
Yeah
@nik_k
, best way is to use the custom integration to create a case and attach the playbook you want to schedule periodically to it.
@Louis_Mesmin
, i don't think you can schedule the Playbook with a job.
Best solution will be a scheduling module added to the platform which will be very beneficial. The first SOAR I worked with has this functionality of scheduling playbooks to run based on cron job schedule and the playbook name to be executed.
Hi @Joseph3 , Can you explain a bit more since i want to schedule a playbook to run certain actions without creating cases and can u explain how to do it in chronicle SOAR
"Best solution will be a scheduling module added to the platform which will be very beneficial. The first SOAR I worked with has this functionality of scheduling playbooks to run based on cron job schedule and the playbook name to be executed."
+3You can use the a scheduled connector to trigger a case on a schedule and then attach a playbook to it:
- Install the "Connectors" powerup from the POWER UPS tab in the Marketplace
- Go to SOAR Settings> Ingestion > Connectors and add a new connector:
- Scheduled Connector: To execute on a simple schedule (every x amount of minutes, hours days etc)
- Cron Scheduled Connetor: To execute on a cron expression
- You can then configure the details of the alert the connector will trigger. You can add specific fields that could be use by your playbook or if no context is needed, just give it a name you can use to trigger your playbook from:
In my example, the connector will create an alert every 24 hours with the name "My Scheduled Playbook" - Make sure to add the alert type as you will have a direct trigger to that field when configuring your playbook.
- Make sure to save and enable the connector. It will start creating the alerts on the schedule that you defined.
- You can now create a playbook with Alert Type trigger to match your scheduled alert.
You can always add tags to the case in the playbook and auto closure so you can track those scheduled executions and exclude them from your metrics if needed -or tracked them separately.
+6- Bronze 1
You can use the a scheduled connector to trigger a case on a schedule and then attach a playbook to it:
- Install the "Connectors" powerup from the POWER UPS tab in the Marketplace
- Go to SOAR Settings> Ingestion > Connectors and add a new connector:
- Scheduled Connector: To execute on a simple schedule (every x amount of minutes, hours days etc)
- Cron Scheduled Connetor: To execute on a cron expression
- You can then configure the details of the alert the connector will trigger. You can add specific fields that could be use by your playbook or if no context is needed, just give it a name you can use to trigger your playbook from:
In my example, the connector will create an alert every 24 hours with the name "My Scheduled Playbook" - Make sure to add the alert type as you will have a direct trigger to that field when configuring your playbook.
- Make sure to save and enable the connector. It will start creating the alerts on the schedule that you defined.
- You can now create a playbook with Alert Type trigger to match your scheduled alert.
You can always add tags to the case in the playbook and auto closure so you can track those scheduled executions and exclude them from your metrics if needed -or tracked them separately.
Hi @josemarin ,
I looks like it only creates case in Default Environment. I tried creating case in different environment but its not working: connector output showing environment as null
Have you encountered this issue?
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.