Conditions Native Action
The Condition native action enables users to introduce if/else logic into their workflows, executing different paths based on the evaluation of specific criteria. This action supports the customization and automation of playbooks by visually representing decision-making flows.

Overview

What is a condition?

A condition is a set of criteria that, when met, triggers the if/true path in the workflow. If not met, it triggers the else/false path. This allows for automated decision making in workflows without the need for manual scripting.

Key benefits of the Condition action

- Native action: integrated directly within the playbook builder for seamless workflow design.
- No connector required: operates natively within Swimlane without external integrations.
- If/else logic: enables branching logic for workflows based on conditions.
- Visual flow: provides a clear, visual representation of true/false paths, enhancing usability and simplifying complex workflows.

Using the Condition native action

The default flow for all playbook actions is On Complete, but the Condition action introduces If and Else flows to apply conditional logic. This reduces complexity and increases flexibility in building workflows.

Steps to add and configure a condition

1. Drag and drop the Condition action: from the Add panel, drag and drop the Condition action onto the playbook canvas. The true and false branches will automatically appear.
2. Click Edit Condition to open the window that allows you to enter the logic for your conditional statement.
3. If your data has any sensitive information, you can mark it as sensitive by clicking the Contains Sensitive Data checkbox. The data is not shown in the UI or in the logs.
4. Click Apply to save changes.

True and false logic

When you drag and drop a Condition native action onto the playbook canvas, the true and false flows automatically display.

- True (if): if the condition is met, the workflow follows the true path.
- False (else): if the condition is not met, the workflow follows the false path.

Conditions in the condition builder

Two new conditions, isdefined and isnotdefined, have been added to the condition builder, enabling you to check whether a specific field has a value or is empty. The isdefined condition verifies that a field is filled or contains valid data, while isnotdefined identifies fields that are empty or missing. These conditions are particularly valuable for creating rules where the presence or absence of data is crucial, such as validating inputs or filtering results.

1. Drag and drop the condition builder: in the playbook area, drag and drop the condition builder into your workflow.
2. Edit the condition: use the right-side menu to click the Edit Condition option, opening the condition builder dialog box.
3. Create your first condition: in the dialog box, click Create Your First Condition to begin configuration.
4. Select a property: from the dialog's right-hand options, choose a property to evaluate.
5. Choose an operator: open the operator dropdown and select either:
   - isdefined, to check if the selected property has a value
   - isnotdefined, to check if the selected property is empty or missing
6. Save and test: save the condition and test it within your playbook to ensure it operates as intended.

Expanded use case examples

Example 1: Blocking suspicious domains

Scenario: automate the classification of domains based on traffic metrics.

- True path: add the domain to the blocklist using the Edit Custom URL Category action.
- False path: add the domain to the decrypt list for further inspection.

Example 2: Incident response automation

Scenario: automate responses based on incident severity.

1. Drag and drop the Condition action.
2. Configure the condition to evaluate incident severity.
3. If severity is high, execute actions to isolate affected systems.
4. Else (for low severity), log the incident for monitoring.

Example 3: Nested conditions

Scenario: handling multi-layered decision making in a single workflow.

- Outer condition: evaluate the presence of a threat indicator.
- Inner condition (nested): within the true path of the outer condition, add another condition to check the threat level.
- Based on the threat level, execute either a quarantine action or an alert notification.

Advanced use cases

Example 4: Combining multiple conditions

Scenario: evaluate multiple criteria simultaneously to decide the workflow path.

1. Configure the condition to check multiple data points using AND or OR logic.
2. If both conditions are true (AND), proceed with a high-priority response.
3. If either condition is true (OR), proceed with a medium-priority response.

Example 5: Dynamic condition evaluation

Scenario: dynamically evaluate conditions based on runtime data.

1. Create a variable that captures user inputs or system states.
2. Use this variable in your condition to decide the workflow path in real time.

Tips for complex conditions

- Use AND/OR logic: combine multiple criteria using AND/OR operators to refine the condition logic.
- Debugging tips: use logs or temporary actions (e.g., send an alert) to validate whether conditions are triggering correctly.
- Modular conditions: break down complex logic into smaller, modular conditions for easier maintenance and understanding.

Troubleshooting and best practices

Common issues

- Condition not triggering: ensure the criteria are correctly defined and the necessary data is available at the time of evaluation.
- Unexpected path execution: check for logical errors in AND/OR combinations or a data mismatch.
- Performance lag: avoid overly complex conditions that can slow down workflow execution. Optimize by simplifying the logic.

Best practices

- Keep conditions simple: break complex logic into smaller, manageable conditions.
- Use descriptive titles: clearly label each condition and subsequent actions for easy identification and maintenance.
- Regularly test: validate conditions in sandbox environments before deploying to production.
- Document logic: maintain clear documentation of your conditions for future reference and troubleshooting.

Additional resources and examples

- For an in-depth guide, visit the Automated Remediation Use Case, showcasing the Condition action.
- For examples involving HTTP status codes, see the If/Else Use Case.
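
The AND/OR ordering and data-mismatch problems listed under unexpected path execution can be checked on paper before the branches are built. The following is an added example, not Swimlane code and not part of the original page: a plain-Python model of the nested condition (Example 3) and the combined condition (Example 4) that runs constructed inputs through two variants and reports any path that can never fire. The field names, path names, sample values, and the rule that a missing, null, or empty value counts as not defined are assumptions.

```python
from itertools import product

# Hypothetical path names for the three outcomes of the modelled playbook.
PATHS = {"quarantine", "alert", "log_only"}

def is_defined(record, field):
    """Model of isdefined. Assumption: missing, None and "" are all 'not defined'."""
    value = record.get(field)
    return value is not None and value != ""

def route(record):
    """Outer condition: indicator present. Inner: AND is tested before OR."""
    if not is_defined(record, "indicator"):
        return "log_only"                      # outer false path
    # Normalise before comparing so "High " and "high" take the same branch.
    high = str(record.get("severity") or "").strip().lower() == "high"
    bad = record.get("known_bad") is True
    if high and bad:
        return "quarantine"                    # both true: high priority
    if high or bad:
        return "alert"                         # either true: medium priority
    return "log_only"

def route_misordered(record):
    """Same criteria with two mistakes: OR tested first, exact-case comparison."""
    if not is_defined(record, "indicator"):
        return "log_only"
    high = record.get("severity") == "high"
    bad = record.get("known_bad") is True
    if high or bad:
        return "alert"
    if high and bad:                           # never reached: OR already matched
        return "quarantine"
    return "log_only"

# Constructed sample values covering present, empty and missing data.
INDICATORS = ["198.51.100.7", "", None]
SEVERITIES = ["high", "High ", "low", None]
KNOWN_BAD = [True, False]

def unreachable_paths(router):
    """Run every input combination and return the paths that never fire."""
    seen = set()
    for ind, sev, bad in product(INDICATORS, SEVERITIES, KNOWN_BAD):
        seen.add(router({"indicator": ind, "severity": sev, "known_bad": bad}))
    return PATHS - seen

if __name__ == "__main__":
    print("correct ordering, unreachable:", unreachable_paths(route))
    print("misordered, unreachable:", unreachable_paths(route_misordered))
```

A path reported as unreachable corresponds to a branch on the canvas that no record will ever take, which is worth catching in a sandbox run before the playbook reaches production.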