Create Trigger Event Manually
Creating events helps analysts anticipate security incidents in their organization. Playbooks can be created and executed manually in response to such incidents. In Orchestrate, a Triggered Event executes a Playbook through a manual trigger.
When you create a triggered event, you define the label for a Playbook and the input data for the Playbook's start node. In addition, the triggered event listing displays the log of events that you have received from your integrated products such as CFTR, CTIX, Splunk, and more.
Before You Start
Ensure that you have the following permissions.
Create/Update Playbooks
Run Playbooks
Create/Update Labels
Create/Update Source Events
Steps
Create a triggered event
Map labels to a Playbook
Manually trigger an event for a Playbook
Create a Triggered Event
A triggered event is a configuration that lets you manually run a Playbook on demand.
To create a triggered event:
Sign in to Orchestrate, and go to Main Menu > Triggered Events.
Click Add Triggered Event, and enter the following details:
Title: Enter a relevant title for the event. For example, system breach.
Label(s): Choose one or more labels from the dropdown. For more information, see Create Labels.
Data: Enter the event data in JSON format.
Click Create.
A triggered event will be created.
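An added example (not part of the Orchestrate documentation or product): a local pre-check for the JSON you intend to paste into the Data field. The required key names, and the assumption that the start node expects a top-level JSON object, are hypothetical; adjust them to what your Playbook actually reads.

```python
import json

# Hypothetical: keys this Playbook's start node reads from the event data.
REQUIRED_KEYS = {"source", "severity", "indicator"}


class DuplicateKeyError(ValueError):
    pass


def _reject_duplicates(pairs):
    """object_pairs_hook: plain json.loads silently keeps the last duplicate key."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen


def check_event_data(text, required=REQUIRED_KEYS):
    """Return a list of problems; an empty list means the data passed every check."""
    try:
        data = json.loads(text, object_pairs_hook=_reject_duplicates)
    except DuplicateKeyError as exc:
        return [str(exc)]
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top-level value must be a JSON object"]
    problems = [f"missing key: {k!r}" for k in sorted(required - data.keys())]
    problems += [f"empty value for key: {k!r}"
                 for k in sorted(required & data.keys()) if data[k] in ("", None)]
    return problems


# Constructed sample event data, not taken from any real product feed.
SAMPLE = '{"source": "manual", "severity": "high", "indicator": "203.0.113.7"}'

if __name__ == "__main__":
    for problem in check_event_data(SAMPLE) or ["ok"]:
        print(problem)
```

Rejecting duplicate keys matters because two parsers can disagree on which value wins, so the value you reviewed may not be the one the Playbook acts on.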
Map Labels to a Playbook
By adding labels to a Playbook, you can map a triggered event to the Playbook.
To map labels to a Playbook:
Go to Manage Playbooks.
Open a Playbook, and click Edit Playbook.
Click Playbook Overview.
Under Select Label(s), choose one or more labels to associate them with the Playbook.
When you are done, close the Overview configuration; the changes are saved automatically.
Run Playbooks Manually Using Triggered Events
You can manually run a Playbook using a created triggered event.
To run a Playbook using triggered events:
Go to Manage Playbooks.
Click the required Playbook, and then click Run Playbook.
In the Input Data Source box that appears, click Event.
Choose the required event. The events associated with the Playbook labels will be available for selection.
Click Run Playbook.
The Playbook will now run and execute the defined actions.