Stay organized with collections
Save and categorize content based on your preferences.
Attaching playbooks to an alert
Google Security Operations SOAR allows for a total of 10 playbooks to be attached to
an alert. Only 1 playbook can be attached automatically to a single alert.
However, an additional 9 playbooks can be attached manually.
Add a playbook or playbook block to an alert
Navigate to the Cases page.
Click the alert, within a case, that the playbook or playbook block needs to
be attached to.
In the Playbooks tab, click
add
Add Playbook on the right side of the screen. Choose the playbook
or the playbook block to be added.
If the selected playbook block requires input parameters, an Inputs
dialog will appear. Either confirm the existing inputs or make the relevant
input changes for the selected playbook block. If the playbook block does not
require any input parameters, the Inputs dialog won't appear.
The added playbook block is displayed in the Playbooks tab in the case
alert.
