FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Article Id 194650
Description

When a scheduled or manually triggered playbook execution fails, it is good practice, and in some cases a requirement, to notify a user of the failure proactively so that the necessary actions can be taken to debug the playbook.

This technote describes how to send a notification to a user when a particular playbook fails to execute successfully.


Solution

Resolution

The playbooks attached to this article are designed to monitor the workflows of playbooks that are being executed. Import the appropriate playbook for your CyOPs™ version into your CyOPs™ instance, then create a schedule to run the playbook at specific time intervals using Automation > Schedules on the left navigation pane of the CyOPs™ UI. During its periodic checks, the playbook inspects a particular playbook that is being executed and sends notifications to the specified users if it detects any failure in that playbook's execution.

The following playbooks are attached:

If your CyOPs™ version is 5.1.0 or higher, import the Playbook Collections (2019114346)_Version_EqualTo_And_Later_Than_5_1.json playbook collection.

If your CyOPs™ version is lower than 5.1.0, import the 1 Playbook - 11 - Draft (2019212712)_Versions_Earlier_Than_5_1.json playbook collection.


Steps involved in scheduling the "Notify for failed playbooks" playbook:

  1. Download the playbook attached to this technote and import it into CyOPs™ using the Import Playbook option in a Playbook Collection pane.
    Important: Download the Playbook Collections (2019114346)_Version_EqualTo_And_Later_Than_5_1.json playbook collection if your CyOPs™ version is 5.1.0 or later. Download the 1 Playbook - 11 - Draft (2019212712)_Versions_Earlier_Than_5_1.json playbook collection if your CyOPs™ version is earlier than 5.1.0.
  2. Create a schedule to run this playbook at specific intervals. Perform the following steps to create the schedule:
    1. Navigate to Automation > Schedules on the left navigation pane of the CyOPs™ UI.
    2. Click Add Schedule to create a new schedule.
    3. Provide the Name, the Cron Expression, and the UUID of the playbook whose workflow you want to monitor. The following image shows a Cron schedule being created to run every hour for a particular playbook for which the UUID is specified:
  3. Click Save to save the schedule.
    The schedule is created as follows:


When the playbook runs successfully according to the schedule and detects any failure in the execution of the specified playbook (as per the UUID provided in the schedule), it sends notifications to the users using the CyOPs™ SMTP connector.


Applicable Version:

Any CyOPs™ version.



