Sentinel Playbook

Question

We have designed a playbook to send email notification to user whenever there are multiple failed login attempts. Email will be sent to confirm if that was a legitimate login attempt or not. If user confirm that he was not involved in that activity, then only we will create an incident. If there is no response from user, then also we will create an incident.

We are stuck with the last step. Where incidents need to be created when there is no response from user on approval email.

How to add that condition and set time till when it will wait for user response?

kubatom · Answer

You could set an Action Timeout in 'Send Approval Email' step (in steps' Settings), remember to allow for weekends and users on annual leave, so P3D at least (ISO 8601 duration format).
Then in your following actions you will need to 'Configure the run after' depending on success/fail. Add a parallel branch for when 'Send Approval Email' action times out if you want to take any other actions in this scenario etc. Or keep it simple:

user confirms it was them > No action
user unsure or no reply after X days > raise inc

bhavini · Answer

KubaTom&nbsp;Thank you. It worked.

bhavini · Answer

It is possible to send user confirmation request via text message as well? If yes, how?

kubatom · Answer

It's absolutely possible, but would require you subscribing to external service offering this feature.Add a new step to view operations available in LogicApp, search for 'sms' and there will be a bunch to choose from - make sure that it allows an action 'send sms/text' or similar. Have a look at companies offering these connections and assess which would be best offer versus your needs / cost / availability / reliability. Then just subscribe for one of offerings, generate a connection key and set all up.

Forum Discussion

Sentinel Playbook

4 Replies

Resources