Skip to main content

Cyware Orchestrate

Events, Labels, and Tags

What is a triggered event?

A triggered event executes a Playbook through a manual trigger. You can trigger these events through the OpenAPI, webhook, syslog and external platforms like CFTR, CTIX, Splunk and more. While creating a triggered event, you can define a label for a Playbook and input data for the start node of a Playbook. Triggered events also displays the log of events that you have received from your integrated products like CFTR, CTIX, Splunk, and more.

What are Configure Triggers?

A configure trigger maps a label to an event to automatically execute a Playbook on the occurrence of an event. You can create a configure trigger by configuring the event source app, source event type, and label. The configure trigger must be in active status to execute associated Playbooks on the occurrence of an event.

What are active and inactive configure triggers?

If the status of a configure trigger is Active, then a label is mapped to an event and the associated Playbooks are executed on the occurrence of an event. However, if the status of a configure trigger in Inactive, then a label is mapped to an event but the associated Playbooks are not executed on the occurrence of an event.

What is the purpose of a tag?

A tag is a property associated with a Playbook to implement the role based access control (RBAC) in a Playbook on CFTR. Example: If you are a SOC (Security Operations Centre) manager, then you can implement RBAC in Playbook using tags and you can limit permissions like editing or executing a Playbook for junior security analysts.

What is the purpose of a label?

A label is an identifier attached to a Playbook that helps Orchestrate to automatically trigger the execution of Playbooks on the occurrence of an event. Security analysts can create a label and use these labels to map events and Playbooks. You can use Filters to select labels and view Playbooks that are associated with that label.

Who can access the triggered events?

If you have permission to create or update source events, then you can access the triggered events.

What is the difference between labels and tags?

A label is an identifier attached to a Playbook that helps Orchestrate to automatically trigger the execution of Playbooks on the occurrence of an event. Security analysts can create a label and use these labels to map events and Playbooks.

A tag is a property associated with a Playbook to implement the role based access control (RBAC) in a Playbook on CFTR.