Custom Playbook to notify for any Outbreak Alert FAZ

Forum|Forum|2 years ago
December 18, 2023
3 replies
1829 views

Greetings.

Hi, I would like to create a custom PB to run a report and then notify any Outbreak Alert detection.

I started with:

1. Event trigger (basic handler name --> contains --> "Outbreak Alert")

2. Create Incident

3. Attack data to incident

4. Run report (about incidents)

There are a problem, when creating the PB, it seems that Event Trigger doesn't accept "Outbreak Alert" as "basic handler name" using CONTAINS, only specific handler names.

How can this be achieve?

Thank you!

FortiAnalyzer

Anthony_E

Staff

Hello gwaihir,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

vraev

Staff

Please review the following articles:

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-How-to-create-a-custom-playbook-using-an-event/ta-p/253090

https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/28682/playbooks
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/691884/configuring-playbook-automation
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/813113/analyzing-an-incident
https://docs.fortinet.com/document/fortianalyzer/6.4.0/new-features/447371/default-playbook-template-improvements-6-4-1
https://docs.fortinet.com/document/fortianalyzer/7.0.0/new-features/949810/importing-and-exporting-playbooks
https://docs.fortinet.com/document/fortianalyzer/7.2.2/administration-guide/763118/configuring-tasks-using-variables
https://docs.fortinet.com/document/fortianalyzer/6.4.0/new-features/893685/automation-playbooks

Jack_wack

Explorer II

show us a screenshot of the trigger settings

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded