
Hi,

Wanted to understand, when an alert is received in SOAR:

1. Will it go one by one through all the playbooks to check the trigger applicable to it?

2. Once an applicable trigger is found and the concerned playbook runs, will it still go to the next playbook to check for an applicable trigger, or will it stop?

3. If there are multiple triggers applicable to an alert, will all the playbooks run?

4. For a custom trigger, how many parameters does it support? Cannot add beyond 6 parameters. Is there any way to add more parameters beyond the limit?

Regards,

Laxmikant

Hello Laxmikant,

1. The first match which the SOAR finds triggers the playbook. But a playbook with priority 1 will always be taken before a matching trigger with priority 2.

2. You can manually add more playbooks to one alert, but I think automatically it will always be one playbook per alert. (You can add a task to a playbook so that a new playbook will be executed on the alert.)

3. As already answered in question one, I don't think so.

4. Custom triggers support only 6 variables, the same as every condition can handle.
You have to choose and specify your trigger well.

~Marinus

Hi Marinus,

Thank you for the reply.

Now I understood (correct me if I misunderstood):
Only one playbook will run by default, the one whose trigger matches and which has the higher priority.

If I want to execute multiple playbooks, then I will have to handle it in the playbook itself.

Regards,

Laxmikant


Correct!
The first trigger decision is the priority (upper right corner in the playbook editor).
The second is the trigger itself in the playbook (but it automatically chooses one playbook per alert).
If you want to use more than one playbook per alert, add it manually in the case or, for example, at the end of the playbook assign the second one.
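The selection semantics described in this thread (priority first, then the first matching trigger, one auto-assigned playbook per alert, further playbooks only by chaining from the first), modelled as an added, constructed Python example; this is not any SOAR vendor's code, and the alert fields, playbook names and the `next_playbook` hand-off are assumptions for illustration.

```python
"""Constructed model of SOAR playbook selection as described in the thread."""
from dataclasses import dataclass
from typing import Optional

MAX_TRIGGER_PARAMS = 6  # limit for custom trigger parameters mentioned in the thread


@dataclass
class Playbook:
    name: str
    priority: int                        # lower number is evaluated first (1 before 2)
    trigger: dict                        # alert field -> required value (at most 6)
    next_playbook: Optional[str] = None  # assumed: an end-of-playbook task assigning another playbook

    def __post_init__(self):
        if len(self.trigger) > MAX_TRIGGER_PARAMS:
            raise ValueError(f"{self.name}: trigger exceeds {MAX_TRIGGER_PARAMS} parameters")

    def matches(self, alert: dict) -> bool:
        # every trigger parameter must equal the corresponding alert field
        return all(alert.get(k) == v for k, v in self.trigger.items())


def select_playbook(alert: dict, playbooks: list) -> Optional[Playbook]:
    """Priority decides the order; evaluation stops at the first matching trigger."""
    for pb in sorted(playbooks, key=lambda p: p.priority):
        if pb.matches(alert):
            return pb
    return None  # no playbook is auto-assigned


def run_chain(alert: dict, playbooks: list) -> list:
    """Runs the one auto-selected playbook, then only the playbooks it hands off to."""
    by_name = {p.name: p for p in playbooks}
    executed = []
    pb = select_playbook(alert, playbooks)
    while pb is not None and pb.name not in executed:  # guard against chaining loops
        executed.append(pb.name)
        pb = by_name.get(pb.next_playbook) if pb.next_playbook else None
    return executed


# Constructed sample data: three playbooks, two of which match the alert
SAMPLE_ALERT = {"source": "EDR", "severity": "high", "type": "malware"}
SAMPLE_PLAYBOOKS = [
    Playbook("generic-triage", priority=2, trigger={"source": "EDR"}),
    Playbook("malware-containment", priority=1,
             trigger={"source": "EDR", "type": "malware"}, next_playbook="notify-soc"),
    Playbook("notify-soc", priority=5, trigger={"severity": "high"}),
]
```

Although both `generic-triage` and `notify-soc` also match the sample alert, only `malware-containment` is auto-assigned, and `notify-soc` runs solely because it is chained from it.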