05-28-2024 05:40 AM
I have a couple different use cases where I have several steps in a playbook that I would like to complete again after the playbook is complete. I basically have several steps in a playbook that I would like to have launched by a button. I am trying to avoid the lengthy process of converting the steps to a standalone script. Plus, it is much easier to test aspects of a playbook as opposed to script code.
In one of the use cases, I need user input so not sure if this is even possible in a script.
Use Case 1: I have steps in the playbook that run a query from our siem for activity for a suspect source IP. I would like to be able to run these steps again later to see if the amount of activity has changes since the incident was created.
05-28-2024 07:02 PM
Hi @RonShuck22, you can have a button that calls the "setPlaybook" command. You only need to pass the playbook name. This will switch the playbook in the workplan. I would also suggest using a display trigger to ensure that the current playbook is not running.
Example below.
Control button display, but hovering over the button and then selecting the "eye" icon.
05-28-2024 07:02 PM
Hi @RonShuck22, you can have a button that calls the "setPlaybook" command. You only need to pass the playbook name. This will switch the playbook in the workplan. I would also suggest using a display trigger to ensure that the current playbook is not running.
Example below.
Control button display, but hovering over the button and then selecting the "eye" icon.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
