Step-back in workflow

Currently it is not possible to re-enable under certain conditions a closed task inside the playbook designer.

However some playbooks require to ask analyst few questions and depending on his answers to go back to a certain previous step inside the designed process, like "have you successfully patched the workstation?" and if he replies no, then the workflow shall loop back to a previous step like "download the patch" or whatever. Or in ASCII-art I mean:

START ---> STEP 1 ---> STEP 2 ---> Question : Y/N ? ---> Y: END
^ |
| |      
|------------- N: back to step 1 -|

In this case <STEP 1> would be a "Conditionaly reactivabe task linked to result of the Question (here: "No", but it could be a value, any type already supported).

  • Guest
  • May 14 2018
  • Future consideration
  • Guest commented
    30 Jul, 2019 06:53pm

    This functionality is needed-- especially being able to pause and prompt for analyst intervention (with output from the workflow included in that prompt!!!)

  • Guest commented
    22 May, 2018 01:07pm

    Good idea, workflow exception loopbacks are part of the BPMN standard, the only risk is infinite loops but that can typically be fixed with timer objects. In our case we have specific regulatory reporting requirements where we need to loopback and update reports with information as it's gathered.

  • Guest commented
    18 May, 2018 06:28pm

    When you have already started process of investigation/remediation based on the initial finding of the alert, but during your analysis, you have other devices/systems impacted and you need to go back to a previous stage.

    It is similar to what is listed here as use case but the result of the back to step is not a simple questions but the result of a function or a Threat Intel Hit

  • Guest commented
    15 May, 2018 05:12pm

    I understand the scenario outlined above. What other playbooks / processes do you envision benefiting from this sort of approach? A few other examples would be helpful to us.