Method: legacyPlaybooks.legacyAttachWorkflowToCase

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
IAM Permissions

Full name: projects.locations.instances.legacyPlaybooks.legacyAttachWorkflowToCase

Manually initiates a specific playbook for a given alert. Use this method when an analyst determines that a particular automated response is necessary for an ongoing investigation.

HTTP request

Choose a location:

POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{instance}/legacyPlaybooks:legacyAttachWorkflowToCase

Path parameters

Parameters

Parameters
`instance`	`string` Required. The instance to attach the workflow to case for. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. The instance to attach the workflow to case for. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{ "cyberCaseId": string, "alertGroupIdentifier": string, "alertIdentifier": string, "wfName": string, "originalWorkflowDefinitionIdentifier": string, "shouldRunAutomatic": boolean }

Fields
`cyberCaseId`	`string (int64 format)` Required. The cyber case id.
`alertGroupIdentifier`	`string` Required. The alert group identifier.
`alertIdentifier`	`string` Required. The alert identifier.
`wfName`	`string` Required. The workflow name.
`originalWorkflowDefinitionIdentifier`	`string` Optional. The original workflow definition identifier.
`shouldRunAutomatic`	`boolean` Required. Indicates if the workflow should run automatically.

Response body

LegacyPlaybookAttachWorkflowToCaseResponse is a response for attaching a workflow to a case.

If successful, the response body contains data with the following structure:

JSON representation
{ "payload": boolean }

Fields

Fields
`payload`	`boolean` Optional. The response is a boolean. True if the workflow was attached to the case successfully. False otherwise.

payload

boolean

Optional. The response is a boolean. True if the workflow was attached to the case successfully. False otherwise.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/chronicle
https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacyPlaybooks.update

For more information, see the IAM documentation.

Method: legacyPlaybooks.legacyAttachWorkflowToCase Stay organized with collections Save and categorize content based on your preferences.