Attach playbooks to an alert

This document outlines the attachment limits and priority settings for playbooks associated with a single alert in Google Security Operations, followed by the steps necessary to manually add a playbook or playbook block to an active alert.

You can attach a total of 10 playbooks to any single alert in Google SecOps.

• Only one playbook can be attached automatically (via an alert trigger).
• An additional nine playbooks can be attached manually.

You can set the playbook's priority between 1 (highest priority) and 3 (lowest priority). If multiple playbooks are attached, the playbook with the highest priority is executed first. The default priority is 2 (medium).

Manually attach a playbook or playbook block

To add a playbook or playbook block to an alert, follow these steps:

1. On the Cases page, click the alert within the case where you wants to add the playbook.
2. On the Playbooks tab, click add Add Playbook. Choose the playbook or the playbook block to be added.
3. Select the playbook or playbook block to add, and set the playbook priority (the default is 2).
4. If the selected playbook block requires input parameters, the Inputs dialog appears. Confirm or modify the existing inputs as needed. (If no inputs are required, this dialog is skipped.) 

The added playbook block appears on the Playbooks tab in the case alert.