Use case is as follows:
Playbook to update a Google Chronicle reference list in the SIEM with data from an external DB to keep the SIEM reference list up to date. It should run once per day to track specific user/device exclusions for a playbook that blocks user access.
Issues:
We do not want to manually track the exclusions/duration for many users. It doesn't scale.
Currently we do not see a way to trigger an update/pull from our exclusion list on a time-based frequency.
If you aren't tied to the idea of playbooks, you can use the IDE to create a Job Scheduler job and interact directly with the APIs instead.
Alternatively, you can still use the job scheduler to create a case, have the playbook run on the specific case type, and auto-close once completed.
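A sketch of the logic such a daily job could run, added here as an example and not code from this thread or from Chronicle: it selects unexpired exclusions from the external DB, diffs them against the current reference list, and refuses to push when most entries would vanish at once. The `exclusions` table, its columns, the `fetch_current`/`push_lines` callables and the in-memory SQLite data are assumptions standing in for your DB and your reference-list API client.

```python
import sqlite3

def active_exclusions(conn, now_epoch):
    """Identifiers whose exclusion window is still open, normalised and de-duplicated."""
    rows = conn.execute(
        "SELECT identifier FROM exclusions WHERE expires_at > ?", (now_epoch,)
    ).fetchall()
    # Lower-casing is an assumption about how the consuming rule compares values.
    return sorted({r[0].strip().lower() for r in rows if r[0] and r[0].strip()})

def plan_update(current_lines, desired_lines, max_removal_ratio=0.5):
    """Diff the list in the SIEM against the DB and flag suspicious mass removals."""
    current, desired = set(current_lines), set(desired_lines)
    remove = sorted(current - desired)
    add = sorted(desired - current)
    # An empty or truncated DB result would silently drop exclusions and let the
    # blocking playbook act on excluded users, so large removals need a human.
    too_many = bool(current) and len(remove) > max_removal_ratio * len(current)
    return {"add": add, "remove": remove, "lines": sorted(desired),
            "apply": bool(add or remove) and not too_many}

def run_sync(conn, now_epoch, fetch_current, push_lines):
    """One scheduled run. fetch_current/push_lines are hypothetical callables that
    wrap whatever reference-list API client the job uses."""
    plan = plan_update(fetch_current(), active_exclusions(conn, now_epoch))
    if plan["apply"]:
        push_lines(plan["lines"])
    return plan

def demo_db():
    """Constructed sample data standing in for the external exclusion DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE exclusions (identifier TEXT, expires_at INTEGER)")
    conn.executemany("INSERT INTO exclusions VALUES (?, ?)", [
        ("alice@example.com", 2000), ("LAPTOP-042 ", 2000),
        ("bob@example.com", 500),      # expired before now=1000
        ("Alice@example.com", 3000),   # duplicate after normalisation
    ])
    return conn

if __name__ == "__main__":
    pushed = []
    plan = run_sync(demo_db(), 1000,
                    lambda: ["alice@example.com", "bob@example.com"], pushed.extend)
    print(plan, pushed)
```

When `apply` comes back false with a non-empty `remove` list, the job should log the plan or open a case for review instead of overwriting the list.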