I'm trying to build a playbook that sends emails to various adresses but i need the list of adresses be editable to the soc admin as well as make the possible list of adresses different based on the customer it belongs to. We have one SOAR for all customers.
I'm thinking of something like: if "customer a": form_input_multiselect = [ "customer_a@mail.com", "customer_a_securityperson@mail.com", "oursoc@mail.com" ]
elif "customer_b": form_input_multiselect = [ "customer_b@mail.com", "customer_b_securityperson@mail.com", "
oursoc@mail.com ]
and so on. The soc admin should decide which of those adresses should get the mail. Sometimes it's not neccessary to contact the securityperson for example. But to minimise human error the admin should only be shown adresses of the corresponding customer.
Is it possible to make an input form this variable? I tried using subplaybooks, but it didn't work. Maybe i used them wrong.
Thanks in advance
------------------------------
Benjamin Walden
------------------------------