Create Trigger Event Automatically
In Orchestrate, analysts can trigger Playbooks based on events from third-party monitoring tools using the Configure Triggers settings. The Playbooks you have created are usually triggered for execution when an event occurs.
Playbooks are linked to events from the monitoring tools through labels: a Playbook is triggered when it is tagged with the same label as a trigger event in Configure Triggers. For example, when a trigger event for an email phishing incident occurs, a Playbook to scan the IP address of the email sender can be triggered to run automatically.
Before you Start
Ensure that you have the Create/Update Configure Events permission to create and edit trigger events.
Ensure that the third-party monitoring tools are connected with Orchestrate via OpenAPI or webhooks.
Create Trigger Event
You can create trigger events under Configure Triggers.
To create an event:
Sign in to Orchestrate, and go to Main Menu > Configure Triggers.
Click Add Configure Event, and enter the following details:
Event Source App: Enter the source app that identifies the event. For example, CTIX.
Source Event Type: Enter the type of the event that occurs. For example, ctix_block_hash.
Label(s): Choose one or more labels. For more information, see Create Labels.
Status: Toggle to choose the status of the trigger. By default, it is in an active state.
Click Create.
When the Event Source App and Source Event Type details match the event data from third-party monitoring tools, all the Playbooks associated with the chosen label will execute automatically.
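The matching described above can be modeled as follows. This is an added example, not Orchestrate's own code or API: the field names, labels, and Playbook names are constructed, and exact (case-sensitive) matching and the skipping of inactive triggers are assumptions.

```python
# Illustrative model only: names below are constructed, not Orchestrate's schema.
from dataclasses import dataclass


@dataclass(frozen=True)
class TriggerEvent:
    source_app: str        # "Event Source App" field
    event_type: str        # "Source Event Type" field
    labels: frozenset      # "Label(s)" field
    active: bool = True    # "Status" toggle, active by default


# Constructed trigger events, as they might be set up under Configure Triggers.
TRIGGERS = [
    TriggerEvent("CTIX", "ctix_block_hash", frozenset({"block-ioc"})),
    TriggerEvent("CTIX", "ctix_block_ip", frozenset({"block-ioc", "network"}), active=False),
    TriggerEvent("MailGateway", "phishing_reported", frozenset({"phishing"})),
]

# Constructed Playbooks, each tagged with one or more labels.
PLAYBOOKS = {
    "Block hash on EDR": {"block-ioc"},
    "Scan sender IP": {"phishing"},
    "Notify SOC channel": {"phishing", "block-ioc"},
    "Update firewall": {"network"},
}


def playbooks_for(source_app, event_type):
    """Return the sorted names of Playbooks an incoming event would start."""
    labels = set()
    for trig in TRIGGERS:
        # Both fields must match and the trigger must be active
        # (assumption: exact, case-sensitive comparison).
        if trig.active and (trig.source_app, trig.event_type) == (source_app, event_type):
            labels |= trig.labels
    # A Playbook runs once if it shares at least one label with a matching trigger.
    return sorted(name for name, tags in PLAYBOOKS.items() if tags & labels)


if __name__ == "__main__":
    for app, etype in [("CTIX", "ctix_block_hash"), ("CTIX", "ctix_block_ip"),
                       ("MailGateway", "phishing_reported"), ("CTIX", "unknown")]:
        print(app, etype, "->", playbooks_for(app, etype))
```

Because every Playbook sharing a label runs, listing the fan-out for a label before activating a trigger shows which automated actions a single third-party event will start.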