Playbook on Case Closure

Playbook on Case Closure

We're run into a few situations as an MSSP where customers want immediate notification of security events upon closure. It would be great to be able to have a playbook triggered by closing a case so that we can send notifications out to clients that the issue has been resolved.

3
3 votes

Declined · Last Updated

Comments

  • AntoineAntoine Siemplify Champion
    edited October 2020

    @Jess Dinsmore You could have a playbook that has a manual step in it which would allow your analysts to notify the client and close the case at the same time depending on the situation.

  • Or SuesskindOr Suesskind Product Team

    Hi @Jess Dinsmore, thanks for raising this issue.

    Following @Antoine's answer, wanted to add my point of view. My answer is split into two parts:

    If the case closure is done as part of a playbook, you can just add a customer communication block (or a single action, depends on the use case) to communicate anything you want to the customer (BTW you can see an example to a communication block in the "Automated Phishing Solution" Use Case in our marketplace).

    If the case closure is done manually, we currently do not support triggering a playbook, but you can easily attach the communication block manually to the case.

    Let me know if you need any further assistance.

  • Jess DinsmoreJess Dinsmore Siemplify Champion

    Thank you for the suggestions and ideas. My reasoning for the suggestion is that the platform has a case closing mechanism that is very prominent on the main cases page. If we put playbooks in motion to capture close reasons, notify customers, then close the case, they could easily be circumvented by using the main case closure options.

    Part of what I'm working towards is consistency within the SOC operations. Since there is a straightforward way to circumvent the process like just using the case closure on the main page, the consistency would be broken.

  • Or SuesskindOr Suesskind Product Team

    Hi @Jess Dinsmore,

    Thanks for the additional context. I agree that triggering a playbook upon case closure/specific root cause/reason or any other event-based triggers can be awesome. This is a capability that we are planning to develop in the future and it's already a part of our roadmap but may take some time until it will get to customers, so I would still recommend trying to find a temporary solution for this flow.

    I'll be happy to continue this discussion and assist you to find the best option that is currently possible. Another option is to work with our PS team who are experts in finding those tailored solutions. Let me know if I can assist with anything further.

  • Jess DinsmoreJess Dinsmore Siemplify Champion

    All good Or. Just don't know what's on the roadmap so sorry for suggesting something that's already there. Is the roadmap published somewhere so I can avoid duplication?

  • Or SuesskindOr Suesskind Product Team

    Hi @Jess Dinsmore,

    First - it's totally fine and it always helps us to get additional needs and usecases even for known ideas.

    Second - We do not publish it, but you can follow up with Marie (CS) to get some high level slides. We are also covering those parts in QBRs.

Sign In or Register to comment.