Playbook Button Triggers

the playbook button trigger feature allows for seamless flow integration with buttons, making it easier to create and manage button triggered flows within applications if an existing flow does not contain a trigger, you now have the ability to add a trigger type button to initiate the flow key benefits seamless button creation in canvas simplifies the process of adding buttons within the turbine canvas for user interaction effortless flow integration button triggers can be easily assigned to existing workflows, eliminating the need for rebuilding or altering flows no flow rebuilds buttons can be added or modified without requiring reconstruction of the entire flow 2 way naming sync ensures that the naming between the button and the flow remains consistent, reducing confusion and simplifying the management of multiple triggers this feature enhances the user experience by providing flexibility and efficiency in orchestrating playbook runs directly through button clicks you can also include triggers from widgets for more information, see create widgets docid\ u29t6ovsgz7o3ujoow5ek how to create playbook button triggers you can create a playbook button using two methods from the playbook from the application method 1 create playbook button from a playbook from the add section, drag and drop playbook button to the canvas click on the added playbook button to view the trigger window in the application drop down menu, select the desired application click the button label drop down menu and click create new to create a new playbook button or select an existing playbook button from the drop down method 2 create playbook button from the application to create a playbook button from the application builder, navigate to applications and applets either select an existing application or click the plus icon to create a new one click and drag playbook button to the form layout section on the field properties tab, you can edit the button label if desired from the playbook drop down menu, select the playbook that this button will trigger when clicked on an application's record in the select a flow drop down menu, choose an existing flow or create a new one by selecting create new click save to finalize your button creation example 1 manually initiating a critical alert workflow scenario a soc analyst needs to manually escalate certain incidents to a critical alert status when they determine that a high severity incident requires immediate attention the playbook button trigger allows them to initiate a remediation workflow directly from the incident management application in swimlane turbine steps create the playbook button trigger from the playbook canvas, drag and drop the playbook button trigger in the application field, select the incident management application in the button label field, select create new and name the button escalate to critical the playbook will now be triggered when the analyst clicks this button in the incident management interface add a condition action drag the condition native action into the flow to evaluate whether the incident is already marked as critical condition logic if values\["incident state"] does not equal "critical" create variables for alert details use the create variables action to store critical incident details that will be used in later steps variables could include incident id stores the unique id of the incident priority level stores the current priority of the incident (e g , high, medium, low) add http action for notification use the http native action to send a critical alert notification to an external notification system (like pagerduty or slack) method post endpoint https //api pagerduty com/incidents payload include incident details like incident id, priority level, and critical timestamp transform data (optional) use the transform action to format the incident data before sending it to the external system you could convert timestamps to a more readable format or map fields to a json structure loop through assigned teams use the loop action to iterate through all teams assigned to the incident for each team, send a custom notification using the http action, modifying the payload dynamically error handling if the incident is already marked as critical (else branch), you can add a parallel action to log the attempt or notify the analyst that the incident is already escalated expected output if the incident was not already escalated, it will be marked as "critical" and a notification will be sent to the appropriate teams if it was already escalated, the user will be informed through a logged message or notification example 2 automatically closing an incident after resolution scenario once an incident is resolved in the incident management system, the playbook will trigger and automatically update the incident status to "closed" while notifying relevant stakeholders steps record event trigger drag the record event trigger to the canvas set the trigger to fire when a record in the incident management application is updated select the condition if values\["incident state"] equals "resolved" to initiate the playbook only when the incident is marked as resolved add transform action to adjust data add a transform action to prepare any data needed for further steps (e g , format the resolution date or the final incident summary) create a variable for the incident id use the create variables native action to store the incident id and other relevant fields like incident id stores the unique identifier of the incident closure time stores the timestamp when the incident was closed condition to check resolution confirmation add a condition action to check if the incident has a resolution summary condition logic if values\["resolution summary"] is defined loop action for stakeholder notification use the loop action to notify all relevant stakeholders that the incident has been resolved and closed the loop iterates through the list of assigned users or teams and sends a notification to each http action for updating external systems add an http action to update the status in external ticketing systems (e g , servicenow or jira) method put endpoint https //api servicenow\ com/update ticket payload {"ticket id" "{{incident id}}", "status" "closed"} final parallel action for multiple tasks use the parallel action to execute several tasks simultaneously send an email to notify all stakeholders log the incident closure in a separate system archive the incident in a records management application expected output the incident will be closed automatically after resolution, and all stakeholders will be notified via email or other communication platforms external systems (e g , jira or servicenow) will also be updated to reflect the closed status of the incident example 3 periodic incident report generation scenario a scheduled playbook generates and sends a weekly report of all closed incidents in the past week steps schedule trigger from the playbook canvas, drag and drop the schedule trigger set the schedule to weekly, occurring every monday at 8 00 am select the desired time zone or keep it as utc loop through closed incidents use the loop action to iterate through all incidents marked as "closed" during the past week fetch the incidents from the incident management system using a query or database lookup transform data for the report add a transform action to format the incident data for inclusion in the report data fields may include incident id closure time resolution summary assigned team create variables for summary information use the create variables action to store summary data, such as the number of incidents closed that week, their severity, and the total time to resolution http action to send report use the http action to send the report to a designated email service or dashboard method post endpoint https //api emailservice com/send payload {"to" "soc\@company com", "subject" "weekly incident report", "body" "{{incident summary}}"} error handling (optional) add a condition action to check if any incidents were closed during the past week if no incidents were closed, log a message or skip the report generation expected output the playbook will automatically generate a report listing all closed incidents and send it to the soc team every monday morning