Why can't I run created playbooks on Alerts/Incidents?

gwaihir · ‎09-21-2024

Hello Community.

I'm trying to run some newly created playbooks with Manual Trigger using csadmin user, then I want to run it on ingested alerts from SIEM or escalated alerts (incidents) using the Execute option at the bottom of each record, but I can't see the playbooks that I want to run. Why is this happening?

Regards!

ranjeet · ‎09-21-2024

Hi @gwaihir ,

First, ensure that the playbook is in an active state.

Make sure that the Trigger Button Label is not empty. If you want to run the playbook on an alert, select the alert in the "Execution Behaviour" settings.

After setting the trigger point, go to alerts and refresh the FortiSOAR webpage. Then, select an alert and click on "Execute". You should see the Trigger Button Label you set in the trigger point, along with the playbook collection name where the playbook is located.

If you need assistance or more details, feel free to reach out to me at ranjeet.nagane@spryiq.co or swapnil@spryiq.co.

View solution in original post

ranjeet · ‎09-21-2024

Hi @gwaihir ,

First, ensure that the playbook is in an active state.

Make sure that the Trigger Button Label is not empty. If you want to run the playbook on an alert, select the alert in the "Execution Behaviour" settings.

After setting the trigger point, go to alerts and refresh the FortiSOAR webpage. Then, select an alert and click on "Execute". You should see the Trigger Button Label you set in the trigger point, along with the playbook collection name where the playbook is located.

If you need assistance or more details, feel free to reach out to me at ranjeet.nagane@spryiq.co or swapnil@spryiq.co.

gwaihir · ‎09-22-2024

Hello @ranjeet thank you for your reply, works perfectly!

Why can't I run created playbooks on Alerts/Incidents?

Nominate a Forum Post for Knowledge Article Creation