Run a playbook on an alert - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-13
Category
Administrator Guide
Abstract

From the Alerts page, you can run or rerun a playbook on one or more alerts.

You can run or rerun a playbook on one or more alerts. If there is currently a playbook running on one or more of the selected alerts, the Run Playbook option does not appear. If a playbook is running on the alert, but has been paused (for example, waiting for a user action), you can select to rerun the playbook or select a new playbook.

  1. Right-click one or more alerts in the Alerts table and select Run Playbook.

  2. If the alerts have a playbook already assigned, choose Rerun current Playbook or Choose another Playbook. If the playbooks do not have a playbook assigned, Choose a Playbook.

  3. If you are not rerunning the current assigned playbook, select a playbook to run for the selected alert(s).

  4. Click Run.