Create Alerts from Playbook Steps

Alerts are created from the Playbook steps to be notified of any malicious activities on any type of tasks.

Create Alerts in Advanced Mode

  1. Create or edit your playbook.
  2. Select the step for the alert you want to generate.
  3. Click + and select Create Alert. (Make sure that the selected step does not contain any column with one of these names: alert_id, alert_name, alert_description, alert_type, additional_fields, creation_time, alert_source. If there is any conflict, stream runs would fail).
    • A Create Alert form opens up.
  4. Enter the following details in the form.
    • Display Name: Name to identify the alert.
    • Alert Type: Category for the alert.
    • Alert Name: Name that appears in the results table for the step.
    • Description: Detailed information about the alert.
    • Mapped Columns - Additional Data: This area lists the columns that are mapped to the corresponding fields. This section is used to map columns to display under the Additional Data in the results table.
  5. Click Done.
    • The alert is created and added as a step. Click the step to display its properties and to edit the settings.

After setting up the alert step, you can complete the playbook settings by setting up a stream. When the playbook stream runs, the alert messages are generated and will be visible on Alerts list page. This page allows you to search for alerts, filter the list, or display only certain types of alerts using the search criteria. To know more, see Alerts Advanced Search.

Create Alerts in Easy Mode

  1. Create or edit your playbook.
  2. Click + on any node to add the alert.
  3. Search for ingestAlert on the right pane search field What do you want to automate? and select Ingest Alerts from the results.
    • A Create Alert form opens up.

📘

The Create Alert form is the same form as in Advanced Mode.

  1. Enter the details in the form and click Run to save the alert as a step.

Did this page help you?