Hello Guys,
I'm trying to create a playbook that calls me when an alert is created, during the night only.
I've tried to make a schedule but the result was a disaster. I've tried to do it with the "Wait" function but it doesn't work. Does anyone have an idea?
Created on 09-21-2023 06:37 AM
Thanks for reaching out, request you to see https://docs.fortinet.com/document/fortisoar/7.4.1/user-guide/915083/schedules#:~:text=the%20Schedul...
If still there is more that we can help with, please help us with more details, so that our experts can help facilitate a quick resolution.
Hello,
Thanks for the response. I've followed that guide already, but it isn't enough for what I need.
I need the playbook to work for a few hours a day. If I set up the crontab, it will run the playbook constantly during those hours. I need the playbook to run only when the conditions are met, and in night hours only.
I'll show you my playbook.
I've set the parameters above and I receive a call every minute all night long.
I need the call to start only if the parameters in the "start" step are satisfied.
Thanks for your time
Thanks @ACera2 for sharing the details of the requirement.
For your use case, keep the trigger the same (as you have shown in the screenshot), which means the playbook will trigger all the time (day and night) whenever the trigger condition is met.
Next, you need to add a decision step after the trigger to validate the time of day, and branch off to either sending you a notification or continuing the usual path.
@Suyog can you please arrange for an example of a playbook which looks up the trigger time and branches off to a different path when it's after 20.00 hours.
I have created a sample playbook for you and attached it here for you to try out.
Please note, the attached playbook works on an update trigger and uses the 'assigneddate' field from the 'Alert' module to calculate the time. Please feel free to change it as per your needs.
Following are some screenshots of my playbook execution, which covers both paths, i.e. dial analyst or skip.
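The time-of-day decision described in the replies above, as an added example in plain Python (not the attached playbook and not FortiSOAR code). It assumes 'assigneddate' arrives as UTC epoch seconds, that the night window ends at 08:00, and that the analyst is at a fixed UTC+2 offset; the function names and branch labels are illustrative.

```python
from datetime import datetime, time, timedelta, timezone

# Assumed values: only "after 20.00 hours" comes from the thread.
NIGHT_START = time(20, 0)                   # thread: branch when after 20.00 hours
NIGHT_END = time(8, 0)                      # assumption: window closes at 08:00
ANALYST_TZ = timezone(timedelta(hours=2))   # assumption: fixed UTC+2 offset


def in_window(local_t, start, end):
    """True if local_t is in [start, end), including windows that wrap past midnight."""
    if start <= end:
        return start <= local_t < end
    # Wrapping window such as 20:00 -> 08:00: late evening OR early morning.
    return local_t >= start or local_t < end


def decide(assigned_epoch, tz=ANALYST_TZ, start=NIGHT_START, end=NIGHT_END):
    """Return 'dial_analyst' or 'skip' for a timestamp given as UTC epoch seconds."""
    # Convert to the analyst's local clock first: comparing the raw UTC hour
    # against 20:00 would shift the whole window by the UTC offset.
    local = datetime.fromtimestamp(assigned_epoch, tz=timezone.utc).astimezone(tz)
    return "dial_analyst" if in_window(local.time(), start, end) else "skip"


def epoch(y, m, d, hh, mm, tz=ANALYST_TZ):
    """Helper to build constructed sample timestamps (epoch seconds)."""
    return int(datetime(y, m, d, hh, mm, tzinfo=tz).timestamp())


if __name__ == "__main__":
    # Constructed sample times (local clock), not taken from a real alert.
    for hh, mm in [(19, 59), (20, 0), (23, 30), (2, 15), (7, 59), (8, 0), (12, 0)]:
        print(f"{hh:02d}:{mm:02d} -> {decide(epoch(2023, 9, 21, hh, mm))}")
```

Because the trigger still fires only when the alert condition is met, this check runs once per matching alert, which avoids the call-every-minute behaviour of a schedule that runs all night.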
Hello ACera2,
I recently happened to implement similar logic, and this is what I did.
I created a playbook using the 'Find Alerts' action and added a condition to check the alert name and Created On in the last X minutes, e.g. 10.
Then create a schedule for that playbook, add the crontab value for the night time, and run the schedule every X minutes, e.g. 9 minutes, as we are searching for alerts in the past 10 minutes.
Crontab - Mins: 9,19,29,39,49,59 Hours: 0-8
This solution works well for me!
Thank you