Add playbook triggers to an alert, so if the condition is met, a suitable response is issued through a playbook.
In the Playbook Triggers page, you can create a playbook trigger, add a recommended playbook trigger, view all playbook triggers, and change the order of priority. The Core - Investigation and Response content pack includes a number of recommended playbook triggers for alerts, which you can to add to relevant alerts that are ingested.
Select → → → .
In the Playbook Trigger Recommendations table, view and select the required recommended playbook triggers to add to the trigger table.
You can view each playbook in detail in the Playbooks page.
Click Add Selected triggers.
Verify the order of the playbook triggers and change the order (if required),
Save the changes to the Playbook Trigger table.