FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
This article describes how to troubleshoot the error 'Internal server error during playbook execution'.
When the '500 Internal Server Error during a playbook execution' error is displayed while executing playbooks, it signifies that FortiSOAR is unable to create a new record for a number of different reasons.
A field type mismatch is among the most frequent causes of this issue. For example, a field is expecting a value of type 'Text' and it gets a value of type 'DateTime'.
Scope
All versions of FortiSOAR.
Solution
To resolve this issue, do the following:
1) Log onto FortiSOAR, and open the playbook that is failing in the Playbook Designer.
2) Open the playbook step for creating the record and change its input type. Some suggestions on how to fix the input type:
The majority of the default fields in the 'Create Record' step display tooltips that provide examples for the expected input type. One can also add tooltips to fields using the 'Module' settings in the Application Editor. For more information on the Application Editor, see the 'Administration Guide' present in the FortiSOAR Documentation.
If users are unsure of the type of input to use in a given field, try ingesting a record into a 'Test' playbook using the 'Manual Trigger' or the 'Find Record' step. Then check the logs of the ingested record to see the correct input type for every field that contains a value.
The expected input type for a field can be checked by navigating to the 'Modules' settings in the 'Application Editor' and searching for that field. The field type for the selected field is displayed in the 'Properties' of that field.
