Record Event Triggers
Record event triggers initiate a playbook whenever a record is created and/or updated within a specific application. You do not need to select a trigger before adding and configuring actions and conditions.

Record Event Triggers

For this example, select the Case and Incident Management (CIM) application, ensuring the record event is triggered when the application is created and/or updated.

1. In a playbook, from the Add panel, click and drag Record Event to the canvas. Hover over the plus icon to add it to the canvas. The trigger panel displays to the right of the canvas. From here, you configure your record event trigger.
2. In the Application drop-down menu, select the desired application. The example uses Case and Incident Management.
3. Click Configure to open the Edit Condition window, allowing you to create a condition for your flow.
4. Click Create your first condition and select the property type from the record event trigger.
5. Select the condition type from the drop-down next to Matches.
6. Enter the property type or select a property.
7. Click Apply.

Use Case Examples for Record Event Triggers with Native Actions

Example 1: Auto-assign incidents based on priority

Scenario: Automatically assign high priority incidents to a senior analyst and low priority incidents to a junior analyst.

Step 1: Add a record event trigger. Drag and drop a record event trigger onto the playbook canvas. Configure it to trigger when a record is created or updated in the Case and Incident Management (CIM) application.

Step 2: Add a condition action. Drag a condition action into the flow. Set the condition to check if the values["priority"] field is high. Proceed with the high priority path if true, otherwise follow the low priority path.

Step 3: Create variables to store incident details. Drag a create variables action into the flow. Create variables for incident id (unique identifier for the incident) and priority level (current priority of the incident).

Step 4: Use a loop action to iterate over incidents. Drag a loop action into the flow to iterate over the list of incidents and apply the condition based on priority level.

Step 5: Add a parallel action for simultaneous workflows. Drag a parallel action to execute both high and low priority workflows simultaneously.

Step 6: Add an HTTP action to notify external systems. Drag an HTTP action into the high priority workflow. Configure it to send a notification to an external system like Jira or ServiceNow with a POST method to notify the analyst of the assignment.

Payload: {"incident id": "{{incident id}}", "priority level": "high"}

Result: High priority incidents are assigned to senior analysts, while low priority incidents are assigned to junior analysts. Notifications are sent to external systems.

Example 2: Notify on critical incidents based on severity

Scenario: Send an immediate notification to the security team when a new incident is marked with a critical severity.

Step 1: Add a record event trigger. Drag and drop a record event trigger onto the playbook canvas. Configure it to trigger when a record is created in the Security Incident Response application.

Step 2: Add a condition action. Drag a condition action into the flow. Set the condition to check if the values["severity"] field is critical.

Step 3: Use create variables action. Drag a create variables action into the flow. Create variables for incident id, timestamp (incident creation time), and severity.

Step 4: Add an HTTP action for notifications. Drag an HTTP action into the flow. Configure it to send a POST request to an external notification service like PagerDuty or Slack.

Payload: {"incident id": "{{incident id}}", "severity": "critical", "timestamp": "{{timestamp}}"}

Result: The security team is notified immediately when a new critical incident is created, allowing them to respond swiftly.

Example 3: Automate record escalation based on time

Scenario: Automatically escalate an incident if it remains unresolved for more than 24 hours.

Step 1: Add a record event trigger. Drag and drop a record event trigger onto the playbook canvas. Configure it to trigger when a record is updated in the Incident Management application.

Step 2: Add a condition action. Drag a condition action into the flow. Set the condition to check if values["time unresolved"] is greater than 24 hours.

Step 3: Add an HTTP action to update external systems. Drag an HTTP action into the flow. Configure it to send a request to an external system (e.g., Jira or ServiceNow) to escalate the incident.

Payload: {"incident id": "{{incident id}}", "status": "escalated"}

Step 4: Use a transform action. Drag a transform action into the flow to update the incident status to escalated before making the API call.

Result: Incidents unresolved for more than 24 hours are escalated automatically, with updates sent to external systems.

Example 4: Close incident based on resolution verification

Scenario: Automatically close an incident if the resolution has been verified.

Step 1: Add a record event trigger. Drag and drop a record event trigger onto the playbook canvas. Configure it to trigger when a record is updated in the Incident Management application.

Step 2: Add a condition action. Drag a condition action into the flow. Set the condition to check if values["resolution verified"] is true.

Step 3: Add a transform action. Drag a transform action into the flow to update the status to closed.

Step 4: HTTP action for external system closure. Use an HTTP action to update the external system and mark the incident as closed.

Payload: {"incident id": "{{incident id}}", "status": "closed"}

Result: Once resolution is verified, the incident is closed automatically, and external systems are updated.

Example 5: Flag incident for review based on SLA breach

Scenario: Flag incidents for review when the service level agreement (SLA) is breached.

Step 1: Add a record event trigger. Drag and drop a record event trigger onto the playbook canvas. Configure it to trigger when a record is updated in the Incident Management application.

Step 2: Add a condition action. Drag a condition action into the flow to check if values["sla breached"] is true.

Step 3: Use create variables action. Create variables to store details such as reviewer id and time of breach.

Step 4: Use an HTTP action to notify the review team. Drag an HTTP action into the flow to notify the review team with the reviewer id and breach time in the payload.

Result: When an SLA is breached, incidents are flagged for review, and the review team is notified for immediate action.
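
The condition and HTTP payload of Example 2, modelled locally so the logic can be checked before it is built on the canvas. This is an added example, not the product's own code: the event shape (`event`, `values`), the `{{name}}` substitution semantics and all function names are assumptions. Placeholders are filled inside the parsed JSON rather than by string concatenation, so a record value containing quotes cannot change the payload's structure.

```python
import json
import re

# Payload template from Example 2 (placeholder names as written on the page).
TEMPLATE = ('{"incident id": "{{incident id}}", "severity": "critical", '
            '"timestamp": "{{timestamp}}"}')
PLACEHOLDER = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")


def should_fire(event):
    """Example 2 condition: record created and values["severity"] is critical."""
    severity = str(event.get("values", {}).get("severity", "")).lower()
    return event.get("event") == "created" and severity == "critical"


def render(node, variables):
    """Fill {{name}} inside parsed JSON so record data stays inside its field."""
    if isinstance(node, dict):
        return {key: render(val, variables) for key, val in node.items()}
    if isinstance(node, list):
        return [render(val, variables) for val in node]
    if isinstance(node, str):
        def lookup(match):
            name = match.group(1)
            if name not in variables:
                raise KeyError(f"playbook variable not set: {name}")
            return str(variables[name])
        return PLACEHOLDER.sub(lookup, node)
    return node


def build_payload(event):
    """Return the JSON body for the HTTP action, or None if the condition is false."""
    if not should_fire(event):
        return None
    values = event["values"]
    variables = {"incident id": values["incident id"],
                 "timestamp": values["timestamp"]}
    return json.dumps(render(json.loads(TEMPLATE), variables))


# Constructed record events: field names mirror the page, values are made up.
CRITICAL = {"event": "created", "values": {
    "incident id": 'INC-1", "severity": "low', "severity": "critical",
    "timestamp": "2024-01-01T00:00:00Z"}}
ROUTINE = {"event": "created", "values": {
    "incident id": "INC-2", "severity": "low", "timestamp": "2024-01-01T00:05:00Z"}}

if __name__ == "__main__":
    print(build_payload(CRITICAL))
    print(build_payload(ROUTINE))
```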