Sentinel Playbook

Copper Contributor

We have designed a playbook to send email notification to user whenever there are multiple failed login attempts. Email will be sent to confirm if that was a legitimate login attempt or not. If user confirm that he was not involved in that activity, then only we will create an incident. If there is no response from user, then also we will create an incident.

Bhavini_0-1688389595543.png

 

We are stuck with the last step. Where incidents need to be created when there is no response from user on approval email.

Bhavini_1-1688389618689.png

How to add that condition and set time till when it will wait for user response?

 

4 Replies

You could set an Action Timeout in 'Send Approval Email' step (in steps' Settings), remember to allow for weekends and users on annual leave, so P3D at least (ISO 8601 duration format).
Then in your following actions you will need to 'Configure the run after' depending on success/fail. Add a parallel branch for when 'Send Approval Email' action times out if you want to take any other actions in this scenario etc. Or keep it simple:

  • user confirms it was them > No action
  • user unsure or no reply after X days > raise inc

@KubaTom Thank you. It worked.

It is possible to send user confirmation request via text message as well? If yes, how?
It's absolutely possible, but would require you subscribing to external service offering this feature.
Add a new step to view operations available in LogicApp, search for 'sms' and there will be a bunch to choose from - make sure that it allows an action 'send sms/text' or similar. Have a look at companies offering these connections and assess which would be best offer versus your needs / cost / availability / reliability. Then just subscribe for one of offerings, generate a connection key and set all up.