Execute Playbooks using Syslogs
Syslog is used to receive logs from external applications, such as a SIEM, over TCP or UDP on a configured network port. The received logs can be used to trigger the execution of pre-configured Playbook workflows. Because the logs arrive over a network protocol, there is no need to configure Open API integrations with the external applications.
You can execute a Playbook on receiving logs over the Syslog protocol by mapping the same label to both the configured trigger and the Playbook that needs to be executed.
Example: you can receive incident logs from CFTR to trigger Playbook execution in Orchestrate.
Before you Start
Ensure that you have the following permissions:
View Labels, Create Labels, and Update Labels to create and manage a label.
View Configure Events and Create/Update Configure Events to create and manage a configure trigger.
View Source Events and Create/Update Source Events to view the triggered event.
View Configure Syslog, Create/Update Configure Syslog, and Delete Configure Syslog to create and manage a Syslog.
View Playbooks, Create/Update Playbooks, Run Playbooks, and Import Playbook to create and execute Playbooks.
Process Overview
The following is an overview of executing a Playbook using a Syslog.
Steps
The following are the steps to execute a Playbook using Syslogs:
1. Create a label. For information on creating a label, see Create a Label.
2. Configure a trigger using the label created in step 1. For more information on configuring a trigger, see Configure Triggers.
3. Configure a Syslog using the Event Source App and Source Event Type defined in step 2. For more information on configuring a Syslog, see Configure Syslogs.
4. Create a Playbook. For information on creating a Playbook, see Create Playbook.
5. Use the label created in step 1 in the Playbook created in step 4. For more information on using a label in a Playbook, see Use Labels in a Playbook.
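The mapping the steps above describe, as an added illustration rather than Orchestrate's own code: a minimal RFC 5424 syslog receiver that resolves each message through the configured trigger, its label, and the Playbooks carrying that label. It assumes that the trigger's Event Source App corresponds to the syslog APP-NAME field and its Source Event Type to the MSGID field; the sample log line, trigger and Playbook names are constructed.

```python
import re
import socket

# Hypothetical receiver (not Orchestrate's code): parses RFC 5424 syslog,
# matches a configured trigger, resolves its label, and picks the Playbooks
# carrying that label. Field names mirror the steps on this page.
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[[^\]]*\]) ?(?P<msg>.*)$"
)

# Constructed sample: an incident log as a CFTR-like source might send it.
SAMPLE = "<134>1 2024-05-01T10:00:00Z cftr-host CFTR 123 incident.created - Incident INC-42 created"

# Steps 2 and 3: configured trigger keyed by (Event Source App, Source Event Type) -> label
TRIGGERS = {("cftr", "incident.created"): "new-incident"}
# Step 5: Playbooks that use the label created in step 1
PLAYBOOKS = {"new-incident": ["enrich-and-notify"]}


def parse_syslog(line):
    """Parse one RFC 5424 line into a dict; return None if it is malformed."""
    m = RFC5424.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pri"] = int(rec["pri"])
    rec["facility"], rec["severity"] = divmod(rec["pri"], 8)
    return rec


def route(line, triggers=TRIGGERS, playbooks=PLAYBOOKS):
    """Return the Playbooks to run for a syslog line ([] when no trigger matches)."""
    rec = parse_syslog(line)
    if rec is None:
        return []  # malformed input is dropped, never executed
    label = triggers.get((rec["app"].lower(), rec["msgid"]))
    return playbooks.get(label, []) if label else []


def serve_udp(port, handler=route, host="127.0.0.1"):
    """Receive syslog datagrams on a network port and hand each one to handler()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, _peer = sock.recvfrom(65535)
            for name in handler(data.decode("utf-8", errors="replace")):
                print(f"run playbook {name}")
```

Only messages whose source app and event type match a configured trigger reach a Playbook; anything unparseable or unmapped is discarded, which is the check to keep in mind when a log source appears silently ignored.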