Attaching Playbooks to an Alert
Chronicle SOAR allows for a total of 10 playbooks to be attached to an alert. Only 1 playbook can be attached automatically to a single alert. However, an additional 9 playbooks can be attached manually.
To add a Playbook or Playbook Block to an Alert:
Click on the Cases tab.
Click on the Alert, within a case, that the Playbook or Playbook Block needs to be attached to.
- In the Playbooks tab, click the icon on the right side of the screen. Choose the Playbook or the Playbook block to be added. In this example, the “Case Management” Playbook Block is selected.
If the selected Playbook Block requires input parameters, an Inputs dialog box will appear. Either confirm the existing inputs or make the relevant input changes for the selected Playbook Block. Note that if the Playbook Block does not require any input parameters, the Inputs dialog box will not appear.
The added Playbook Block is displayed in the Playbooks tab.