Forum Discussion
Get full data into Playbook
Hi We are currently trying to automate some alerts through Playbooks. We created a custom alert that checks for Impossible Travel Alerts from MCAS. This works well. But the issue is that some d...
Thijs Lecomte Not sure what you mean when you say that Entities do not support arrays. If the alert that creates the Incident finds multiple events and each of those events has matching entities, then the incident will have multiple entities.
I currently have one incident that is made up of 13 events and has 5 IP and 6 Account Entities in it. Using a Playbook to write the Entities to a Teams message I see that it writes out the Entities in a JSON array.
Looking at your image it shows the same thing just that, in your case, you only have 1 Entity listed
- Thanks for the response.
The alert is have only has one event.
The event that comes from MCAS.
I can understand that multiple events in one alert can lead to multiple entities.
But can one event in an alert lead into multiple entities?
Or is there another way to get the full event details into Playbooks?Thijs Lecomte One event will only have up to a single value for each of the entities.
- Any chance that will be changed in the future?
Or any way to get the full details through the playbook?
