+1Hi I'm new to Google SecOps and need some guidance please?
I need to be able to send an email whenever a case is raised to an incident. I assume that a playbook will be required using the Send Email action from the Emailv2 integration but am unclear on how to trigger the playbook. We are using the Customer Configuration in Settings > Advanced > Email Settings.
If anyone could provide a sample playbook or details on how to achieve this I would be grateful.
Regards,
+5@hackermartin017 This is achieved by using an Action in your playbook like in the example of the documentation: https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-actions-in-playbooks First you use trigger to alert: https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-actions-in-playbooks then you move to action.
Here are also the details to build your first playbook: https://cloud.google.com/chronicle/docs/soar/respond/start-developing/my-first-automation
+4Hey,
that could be a way to do this
1. Use a Tools - Get Case Data in your playbook to get information about the Case
-> you need "mark as incident" as status. Grab this with the expression builder
2. Build a Condition based on the output from Tools - Get Case Data
3. YES Branch -> Siemplify - Raise Incident -> Send Email;
For Else Branch add a Comment to give information
Regards,
+1Hey,
that could be a way to do this
1. Use a Tools - Get Case Data in your playbook to get information about the Case
-> you need "mark as incident" as status. Grab this with the expression builder
2. Build a Condition based on the output from Tools - Get Case Data
3. YES Branch -> Siemplify - Raise Incident -> Send Email;
For Else Branch add a Comment to give information
Regards,
Thanks this is very helpful, will investigate further.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
