Question

Launch a playbook when an alert is triggered

  • 7 August 2023
  • 1 reply
  • 88 views

 

l have an alert rule that triigers when it detects a web attack like XSS, SQLI.

i want my playbook to starts when the alert is triggered. 

Any idea??


1 reply

Userlevel 2
Badge +1

Hi

 

LogPoint documentation on SOAR Playbook trigger can be found following below link.

Playbook Triggers — Playbooks latest documentation (logpoint.com)

Under ‘Trigger’ definition you can use following statement

SELECT * FROM LogPoint WHERE alertrule id LIKE %xxxxxxxxxxxxxx%

The AlertRule ID can be found clicking the “I” sign at the right side your alertrule.

 

 

Reply