Forum Discussion
Sentinel alerts stopped running playbooks
Wow, still broken for me, so I raised a support case. They have said it is being escalated, so I will wait.
Thanks for responding
Have you heard anything? I'm having the same problem. The playbook runs manually from the Sentinel incidents page but doesn't trigger on new alerts. I need it to trigger since this logic app is for notification of new incidents. Any insight would be appreciated.
- AdiGrio, Apr 28, 2020, Brass Contributor
As a test, I suggest that you delete and recreate the alert to see if it makes any difference. In some situations it appears that the "sync" between the alert and the playbook (aka an "action") is lost or misconfigured, so you may have a situation where an alert may look like it is assigned to a playbook but in reality is not. This could also cause the opposite of not running playbooks, when the playbook is run several times. That, again, we found out was due to the alert having several "actions" for the same playbook (the Sentinel "actions" are only accessible through the API).
Adrian Grigorof
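A way to check for the two conditions described in the reply above (a rule with no action, or several actions for the same playbook), added here as an example that is not part of the original thread or any poster's code. It assumes you have already saved the per-rule "list actions" API responses as JSON and that each action carries its playbook in `properties.logicAppResourceId`; the rule names and resource IDs below are constructed.

```python
import json
from collections import Counter

# Constructed sample data (not from the thread): one "list actions" response
# per analytics rule. Assumed shape: {"value": [{"properties": {"logicAppResourceId": ...}}]}
SAMPLE = json.loads("""
{
  "rule-brute-force": {"value": [
    {"name": "a1", "properties": {"logicAppResourceId": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Logic/workflows/Notify-SOC"}},
    {"name": "a2", "properties": {"logicAppResourceId": "/subscriptions/0000/resourcegroups/rg/providers/microsoft.logic/workflows/notify-soc"}}
  ]},
  "rule-new-admin": {"value": []},
  "rule-impossible-travel": {"value": [
    {"name": "a3", "properties": {"logicAppResourceId": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Logic/workflows/Notify-SOC"}}
  ]}
}
""")


def audit_rule_actions(actions_by_rule):
    """Return {rule: [(finding, playbook_id, count)]} for rules whose actions look wrong."""
    findings = {}
    for rule, response in actions_by_rule.items():
        # Azure resource IDs are case-insensitive, so normalise before counting.
        playbooks = Counter(
            action.get("properties", {}).get("logicAppResourceId", "").lower()
            for action in response.get("value", [])
        )
        if not playbooks:
            # Rule has no action at all: the playbook will never be triggered.
            findings[rule] = [("no_action", None, 0)]
            continue
        duplicates = [("duplicate_action", pb, n)
                      for pb, n in sorted(playbooks.items()) if n > 1]
        if duplicates:
            # Same playbook attached more than once: it runs once per action.
            findings[rule] = duplicates
    return findings


if __name__ == "__main__":
    for rule, items in audit_rule_actions(SAMPLE).items():
        for finding, playbook, count in items:
            print(f"{rule}: {finding} playbook={playbook} count={count}")
```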
- Secureskydev, May 20, 2020, Copper Contributor
AdiGrio, thanks, that worked!