Choose the entities to which a manual action of a playbook will be applied
Miquel_Tur Siemplify Champion
Ideally, these actions should be made automatic, but sometimes you need analysts to take action and only execute certain actions on certain assets and not on all of them (for example, to reduce time, license costs, or to exempt entities).
So I suggest that for manual actions within a playbook, it should be possible to choose which assets to run on, as when you throw a manual action out of the playbook.
There is already a flow called "MultiChoiceQuestion" which allows you to ask a question to the analyst with a maximum of 6 "predefined answers" per question. The number of questions equals the number of branches you will get from that.
Maybe I am wrong, but in the cases I have, I think it will be difficult to implement with the "MultiChoiceQuestion".
For example, I have some alerts where I have more than 3 domains that could be malicious or not, and I need to whitelist them if they are good, to discard them in future alerts. So, I can put an instruction to the analyst to do it manually, but I think it could be more dynamic if the playbook's own action allowed you to select the specific entities you want to run the action on.
Maybe I could make a flow and create custom actions to be able to do it, but I think it could be easy to implement this feature, and it could simplify some flows and actions for analysts.
Thanks for your comment!