This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Here’s where you’ll find a buzzing community of Security professionals from around the world with one common mission: bringing their Security platforms to the next level.
Is there any way to set one view based on two different playbooks? One
playbook is general and enrich data from Chronicle SIEM and similar
cases, etc. The other one is more drill down based on the alert (EDR,
MAIL, etc).I want a main view page that w...
Hi.I have a collection of playbooks that I want to initiate whenever a
new case is opened.One playbook utilizes an "all" trigger, meaning it's
linked to all new cases.Additionally, another playbook is created based
on the tag name.All tags have been ...
Is there a way to automate it when there are multiple instances in one
Environment? For example, 3 tenants with different AAD integrations. is
there a way to automate the identification of the relevant instance?
right now I`m creating a separate bran...
Hey,I`m struggling with some issues when trying to present insight on
the case\ alert page after enrichment actions, for example, QRadar AQL
search or AAD user enrichment.I tried using the "Insights_Create Entity
Insight From JSON" action but no luck...
You are very helpful!One last issue - I created the playbook and block
as described. the strings function indeed works!But when I use the input
placeholder it says the following error: Message: The chosen fallback
integration instance is missing / in...
Hi @f3rz , Thank you, I will try to use Block instead.But, how can I
define the Instance name in the input?Now I`m doing it with a playbook
condition - if alert name starts with "X" (tenant name) than use the X
branch.