
Hi, I'm new to Google SecOps and need some guidance, please.

I need to be able to send an email whenever a case is raised to an incident. I assume that a playbook will be required using the Send Email action from the Emailv2 integration but am unclear on how to trigger the playbook. We are using the Customer Configuration in Settings > Advanced > Email Settings.

If anyone could provide a sample playbook or details on how to achieve this I would be grateful.

Regards,

@hackermartin017 This is achieved by using an Action in your playbook, like in the example in the documentation: https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-actions-in-playbooks First you use a trigger to alert: https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-actions-in-playbooks then you move to the action.


Here are also the details to build your first playbook: https://cloud.google.com/chronicle/docs/soar/respond/start-developing/my-first-automation


Hey,
That could be a way to do this:

1. Use a Tools - Get Case Data in your playbook to get information about the Case
   -> you need "mark as incident" as status. Grab this with the expression builder
2. Build a Condition based on the output from Tools - Get Case Data
3. YES Branch -> Siemplify - Raise Incident -> Send Email;
   For Else Branch add a Comment to give information


Regards,

 

Thanks this is very helpful, will investigate further.

