Forum Discussion

Brass Contributor

Jan 03, 2020

Sentinel alerts stopped running playbooks

I have at least four instances of Sentinel where the alerts create the incidents but don't run the associated playbooks. This seemed to have started somewhere around Dec 30th. There are no failed run...

Copper Contributor

Apr 07, 2020

Having the exact same issues, has there been any progress?

Tried the workaround you suggested but no success,

Thanks

Neil

Brass Contributor

Apr 08, 2020

Neil2020 It just fixed by itself after a couple of days, we didn't have to do anything.

Neil2020
Copper Contributor
Apr 08, 2020
AdiGrio

Wow, still broken for me so raised a suport case, they have said it is being escalated so I will wait,

Thanks for responding
- Secureskydev
  Copper Contributor
  Apr 28, 2020
  Neil2020
  
  Have you heard anything? I'm have the same problem. The playbook runs manually from sentinel incidents page but doesn't trigger on new alerts. I need it to trigger since this logic app is for notification of new incidents. Any insight would be appreciated
  - AdiGrio
    Brass Contributor
    Apr 28, 2020
    Secureskydev
    
    As a test, I suggest that you delete and recreate the alert to see if it makes any difference. In some situations it appears that the "sync" between the alert and the playbook (aka an "action") is lost or misconfigured so you may have a situation where an alert may look like is assigned to a playbook but in reality is not. This could also cause the opposite of not running playbooks, when the playbook is ran several times. That again we found out was due to the alert having several "actions" for the same playbook (the Sentinel "actions" are only accessible throught the API).
    
    Adrian Grigorof
    http://www.managedsentinel.com

Resources