Run Automation
Notice
This feature is available in CFTR v3.3.1 and later versions.
To streamline and accelerate incident response, the administrator associates automations with the phases of an incident. You can access the automations in the Automations section of the respective phases of an incident. You can run the automation to perform specific actions during incident response quickly.
Since automations are associated with incident workflows, the automations appear in an incident, when the incident is created in the open state and does not appear in untriaged incidents.
Before you Start
Ensure that Orchestrate integration is enabled in CFTR.
Ensure that you have assigned a user to the incident.
Steps
To run an automation, do the following:
Note
You can run the automations that are mapped to the ongoing phase of the incident only.
Go to Menu > Incidents and select an incident.
Go to Response and click the ongoing phase of the incident.
Note
You can identify the ongoing phase of an incident from the Incident Phase Timeline of the incident Summary.
From Automations, identify the automation to run and click Run Automation.
If the automation uses an app action of Orchestrate, enter the input data required by the action and click Trigger Automation.
After you trigger an automation, the automation runs in the background. If the automation uses a Orchestrate playbook, you can view the status in Run Logs under Playbooks. Click a run log to view the details. If the automation uses an app action of Orchestrate, you can view the details in the Terminal under Mission Control.
Note
To run the associated playbook of an automation, your user group must have the required permissions based on the playbook tags. For more information, see Create User Group.