Create an Automation
    • 11 Jul 2024

    Configure a trigger

    1. From the navigation menu, select Automation. The automation page is split into two sections, Triggers and Playbooks.

    2. Click Configure new trigger and select the event you want to start with.

    3. Adjust the trigger’s name to describe your use case. Customize the conditions to meet your use case. Keep in mind that certain fields will only be available for certain events. 

    4. Click Save.

    Create a playbook

    1. Click Playbooks and +Create New Playbook.

    2. Rename the playbook with a name and description that are easy to understand at a glance.

    3. Click +Add Action. This action will be initiated by the trigger that was created. The menu also lets you see which integration supports which action.

    4. Select the required action, and click Add to Playbook.

    5. Enter the pertinent information required.

    6. Click Save.

    7. Return to the main Automation page, and click Connect playbook to connect the action to the trigger.

    Triggers are active by default. Click the Active slider to deactivate the trigger and prevent it from firing, or click the   to permanently delete the trigger.

    Add actions to a playbook

    Actions are how you define what should happen when a playbook is executed. 

    1. When viewing any playbook, click Add Action.

    2. Click an action from the list of actions by product (to view these actions by outcome instead of product, click show actions by outcome).

    3. Click Add to Playbook.

    4. Customize the action as desired, then click Save.

    Actions are active by default. Click the Active slider to deactivate the action and prevent it from executing, or click Delete from the left menu to permanently delete the playbook.

    If the playbook has the option to call numbers when triggered, you can choose the number of seconds to wait before automatically dialing the next number. The default is set to five seconds, but the dropdown now provides 30, 60, 120, 240 (four minutes), 480 (eight minutes), and 960 (16 minutes) seconds as options.

    Associate playbooks and triggers

    Both triggers and playbooks are reusable so the automation is consistent and requires less work to define.

    1. Click Connect Playbook next to any trigger.

    2. Click the playbook you want associated with the trigger. The playbook will now be executed when the trigger fires.

    3. To remove a playbook’s association with a trigger, click Disconnect next to the playbook. The playbook will no longer be executed when the trigger fires (but it is not deleted).

    Automation is essential to every security program. Red Canary is designed to make it incredibly easy and safe to implement.

    Require approval for an action

    You can require approval before any playbook action is executed. 

    1. Within any playbook, click the  icon next to the action that requires approval.

    2. Check Require approval.

    3. Click the method that Red Canary should use to notify your team about the action and complete the resulting form.

    4. Click Save.

    Automation Example

    Set up automation based on time and day

    Suppose you need a trigger and playbook to execute when a threat is published, based on the time of day and the day of the week. To set this up, create a trigger for when a threat is published.

    In the example below, we created a playbook that sends a notification when a threat is published before 7 a.m. or after 4 p.m., Monday through Friday.

    Set up the trigger

    1. From the navigation menu, click Automation. The automation page is split into two sections, Triggers and Playbooks.

    2. Click Configure new trigger, and then select When a Threat is Published.

    3. Adjust the trigger’s name to describe your use case.
      For example: Enter Notify when a threat is published before 7am and after 4pm Monday through Friday.

    4. From the dropdown, select Time.

    5. From the dropdown, select the Day of week in (select time zone).

    6. From the dropdown, select Is one of. Include the desired days.

    7. Click Save.

    8. Click Add a condition, and then select the Time condition. 

    9. From the dropdown, select the Hour of day (select time zone).

    10. Select Is not one of. Choose the times from 7am through 4pm (i.e. 7, 8, 9, 10, 11, 12, 13, 14, 15, 16) to exclude those times.

    11. Click Save.
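
    The following added example (not Red Canary code) models the two Time conditions configured above so you can check which publication times would notify. It assumes the conditions are combined with AND and that Hour of day is the whole local hour; the fixed UTC-5 offset and the sample timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed model of the trigger configured above: both Time conditions must
# hold (AND), evaluated in the time zone selected in the dropdowns.
DAYS_IS_ONE_OF = {0, 1, 2, 3, 4}         # Monday=0 .. Friday=4 (step 6)
HOURS_IS_NOT_ONE_OF = set(range(7, 17))  # 7, 8, ..., 16 (step 10)
# Constructed stand-in for the selected time zone: a fixed UTC-5 offset.
TRIGGER_TZ = timezone(timedelta(hours=-5))
DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def trigger_fires(published_utc, tz=TRIGGER_TZ):
    """True if a threat published at this UTC instant matches both conditions."""
    local = published_utc.astimezone(tz)
    return (local.weekday() in DAYS_IS_ONE_OF
            and local.hour not in HOURS_IS_NOT_ONE_OF)


def silent_slots(tz=TRIGGER_TZ):
    """(day, hour) local slots in one week where this trigger does not fire."""
    start = datetime(2024, 7, 8, tzinfo=tz)  # a Monday, local midnight
    slots = []
    for offset in range(7 * 24):
        local = start + timedelta(hours=offset)
        if not trigger_fires(local.astimezone(timezone.utc), tz):
            slots.append((DAY_NAMES[local.weekday()], local.hour))
    return slots


if __name__ == "__main__":
    # Constructed publication times (UTC) that sit on the edges of the rule.
    samples = [
        datetime(2024, 7, 8, 11, 59, tzinfo=timezone.utc),  # Mon 06:59 local
        datetime(2024, 7, 8, 21, 30, tzinfo=timezone.utc),  # Mon 16:30 local
        datetime(2024, 7, 8, 22, 0, tzinfo=timezone.utc),   # Mon 17:00 local
        datetime(2024, 7, 13, 4, 30, tzinfo=timezone.utc),  # Fri 23:30 local
        datetime(2024, 7, 13, 8, 0, tzinfo=timezone.utc),   # Sat 03:00 local
    ]
    for ts in samples:
        local = ts.astimezone(TRIGGER_TZ)
        print(local.strftime("%a %H:%M"), "->", trigger_fires(ts))
    weekend = [s for s in silent_slots() if s[0] in ("Sat", "Sun")]
    print(len(silent_slots()), "silent hours per week,", len(weekend), "on weekends")
```

    Because hour 16 is in the excluded list, a threat published at 16:30 does not notify under this model, and nothing fires on Saturday or Sunday, so confirm that another trigger or process covers those hours.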

    Set up the playbook

    1. Click Playbooks.

    2. Click +Create a new Playbook.

      Note: If you do not see the new Playbook populate next to your Trigger, refresh the page.

      Edit the playbook’s name. For example: Enter Send email notification. 

    3. Click + Add Action.

    4. Click on the Send Email link, and then click + Add to Playbook.

    5. Configure the required Email Playbook fields, and then click Save.

    6. Click Connect playbook and select the required playbook.

