Solved: playbook id changes all the time

meshorer · ‎10-23-2023

hi,

I see that playbooks ID keep changing all the time.

can anyone explain the reasons to it?

thank you,

Daniel

phanTom · ‎10-23-2023

@meshorer Understood but I am just wondering that you mean by tracking as the system "tracks" them.

Yes there is a rest call to find the name based on the id:

xxx/rest/playbook/<id>/name

If you need to find an ID based on the name then you can also:

xxx/rest/playbook?_filter_name="<name>"

-- Happy SOARing! Please mark as a solution for future readers if it resolved your issue. --

View solution in original post

phanTom · ‎10-23-2023

@meshorer whenever you update a playbook it will save with a different id to enable version control.

Is something about it changing the id causing you some issues in automation (or other places)?

meshorer · ‎10-23-2023

@phanTom , thank you.

it is a bit difficult to keep track all the ID's, but I learned there is a rest query to get the name of the playbook from it's ID.

phanTom · ‎10-23-2023

@meshorer Understood but I am just wondering that you mean by tracking as the system "tracks" them.

Yes there is a rest call to find the name based on the id:

xxx/rest/playbook/<id>/name

If you need to find an ID based on the name then you can also:

xxx/rest/playbook?_filter_name="<name>"

-- Happy SOARing! Please mark as a solution for future readers if it resolved your issue. --

meshorer · ‎10-23-2023

"tracks" meaning that I plan to monitor logs to fire an alert when for example a playbook fails to execute.
in that case, I would probably need to identify which is the failing playbook by it's ID.

I have posted a new question about it 🙂

thank you

playbook id changes all the time

using SOAR ⁄ Phantom

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector