l have an alert rule that triigers when it detects a web attack like XSS, SQLI.
i want my playbook to starts when the alert is triggered.
Any idea??
Userlevel 2
+1
Hi
LogPoint documentation on SOAR Playbook trigger can be found following below link.
Playbook Triggers — Playbooks latest documentation (logpoint.com)
Under ‘Trigger’ definition you can use following statement
SELECT * FROM LogPoint WHERE alertrule id LIKE %xxxxxxxxxxxxxx%
The AlertRule ID can be found clicking the “I” sign at the right side your alertrule.
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.