Help
FortiSOAR Discussions
ACera2
New Contributor

Created on ‎09-21-2023 06:04 AM

Scheduling a playbook triggering

Hello Guys,

i'm trying to create a Playbook that calls me When an alert is created during the Night only.

I've tried to make a schedule but the result was distrastered. I've tried to do it with the "Wait" function but it doesn't work. Anyone has an Idea?

 

565
0 Kudos
5 REPLIES 5
srivastavad
Staff
Staff

Created on ‎09-21-2023 06:37 AM

Thanks for reaching out, request you to see  https://docs.fortinet.com/document/fortisoar/7.4.1/user-guide/915083/schedules#:~:text=the%20Schedul...

 

If still there is more that we can help with, please help us with more details, so that our experts can help facilitate a quick resolution.

539
0 Kudos
ACera2
New Contributor
In response to srivastavad

Created on ‎09-21-2023 07:12 AM

Hello,

thanks for the response, i've followed that guide already, but it isn't enough for what i need.

 

I need that the playbook works for few Hours a day, if i set up the cronetab it will run the playbook constantly during those hours. I need that the playbook runs only when the conditions are met and in night hours only.

 

I'll show you my playbook.

 

Playbook.JPGStart On create.JPGChrone job.JPG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


I've set the parameters above and i receive a call every minuto all night long.

I need that the call stars only if the parameter in "start" step are satisfied.

 

Thanks for your time

520
0 Kudos
anarula
Staff
Staff
In response to ACera2

Created on ‎09-22-2023 02:21 AM

Thanks @ACera2 for sharing the details of requirement.

 

For your use case, keep the trigger same ( as you shown in the screenshot), which means Playbook will trigger all the time (day and night) whenever the trigger condition is met.

 

Next, you need to add a decision step after trigger to validate the time of the day., and branch of to either sending you notification, or continuing the usual path.

 

@Suyog can you please arrange for an example of Playbook which looks up Trigger Time and branches off to different path when its after 20.00 hours.

CTO (SOAR Business) | VP of Engineering
473
sjinturkar_FTNT
Staff
Staff
In response to anarula

Created on ‎09-22-2023 04:52 AM

I have created a sample playbook for you and attached here for to tryout  

Please note, attached playbook works on an update trigger and using 'assigneddate' field from 'Alert' module to calculate the time. Please feel to change it as per your needs.

Following are some screenshots of my playbook execution which covers both paths, i.e. dial analyst or skip;

 

Snip20230922_12.png

 

Snip20230922_13.png

 

Suyog Jinturkar
1 Playbook - 01 - Drafts (2023922512).json
463
yashbhagwanani
New Contributor III

Created on ‎09-22-2023 09:21 AM Edited on ‎09-22-2023 09:21 AM

Hello ACera2,

I recently happened to implement a similar logic and this is what I did.

 

I created a playbook using 'Find Alerts' action, and add a condition to check with the Alert name and created on in last X minutes. Say for e.g. 10

Then create a schedule for that playbook and add the crontab value for the night time and run the schedule every X minutes , for e.g 9 minutes as we are searching the alert in past 10 minutes.

Crontab - Mins: 9,19,29,39,49,59 Hours:0-8 

 

This solution works well for me!

 

Thank you

Yash Bhagwanani
Yash Bhagwanani
444
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.