Jul 03 2023 06:07 AM
We have designed a playbook to send email notification to user whenever there are multiple failed login attempts. Email will be sent to confirm if that was a legitimate login attempt or not. If user confirm that he was not involved in that activity, then only we will create an incident. If there is no response from user, then also we will create an incident.
We are stuck with the last step. Where incidents need to be created when there is no response from user on approval email.
How to add that condition and set time till when it will wait for user response?
Jul 03 2023 10:26 AM - edited Jul 03 2023 10:31 AM
You could set an Action Timeout in 'Send Approval Email' step (in steps' Settings), remember to allow for weekends and users on annual leave, so P3D at least (ISO 8601 duration format).
Then in your following actions you will need to 'Configure the run after' depending on success/fail. Add a parallel branch for when 'Send Approval Email' action times out if you want to take any other actions in this scenario etc. Or keep it simple:
Jul 10 2023 12:15 PM
Jul 11 2023 02:13 AM