Workflow Automation

Workflows are a way to automate investigation of your systems using Playbooks.

A workflow consists of 4 components:

Triggers:

What are Triggers?

Triggers are different ways to automatically execute PlayBooks given an external event / stimulus or business requirement.

How will triggers help?

Triggers help you get either the investigation data (through an automated run) or the link to the specific investigation data in one click.

Types of Triggers:

Triggers are entry points for an investigation to be initiated. Currently there are three types of Triggers that are enabled:

• Alert message in Slack: Using the Slack App integration, any bot message within a channel can be used as a trigger.
• API call: You can configure an API call from any tool or within your code to trigger an investigation workflow.

Diagnosis:

An activity / investigation that needs to be taken as an after-effect. Within a diagnosis, you can currently setup one playbook to run.

Scheduler:

This determines how frequently the diagnosis/actions should run after a trigger. Configurations currently supported:

• One-time run: This configuration is suitable if you want to run the playbook investigation once after an alert is triggered.
• Run as per a cron schedule: This configuration is favourable when you need to run the playbook continuously as per a schedule
• Run for a fixed duration: In this configuration, you can schedule the investigation to happen every x seconds until an "end time".

There are two validation rules while creating a schedule for continuous jobs:

• The "interval" must be greater than or equal to 1 minute.
• The "stop after" duration must be greater than "interval" duration.

Actions:

Actions are post-facto steps that need to be taken after an investigation has been completed. Currently supported actions include:

• Sending the investigation summary as a reply to an alert message in a Slack channel.
• Sending the investigation summary in a Slack channel.