Create a recipe from scratch

About recipes

Using Hunters Workflows you can build your own automated processes (Recipes) that will save time and effort managing your day-to-day SOC activities.

Recipes are automated workflows built by users that can span multiple apps. Each recipe is comprised of a trigger and one or more actions that are carried out when a trigger event is picked up.

When recipes are started, they will run automatically in the background to look for trigger events and carry out recipe actions. When they are stopped, they will cease to look for trigger events.

📘 Learn more

To learn how to create a workflow from a selection of pre-made templates, click here.

Create a recipe

💡Before you start

  • In this example, we will create a Recipe that creates an issue in Jira for every new Alert in Hunters with a High risk score.

  • Make sure you have a Hunters API token with a Customer role (or higher). Learn more here.

  • Make sure you have connection credentials to Jira. You can connect with a username and password, API token, OAuth 2.0 or a personal access token.

Step 1: Open a new Recipe

  1. From the Hunters menu, navigate to Workflows > Workflow Manager.

  2. Under Projects, navigate to the folder where you want to create the Recipe and click Create > Recipe.
    image.png

    📘Learn more

    Learn more about Workflow folders.

  3. Give your new Recipe a descriptive name, such as “Create an issue in Jira”.

  4. Now, select a starting point for your Recipe from the options below and then click Start building:

    • Trigger from an app - select your Recipe trigger from a connected app, such as Hunters, Jira, or other services.

    • Run on a schedule - configure a Recipe that will run on scheduled times.

    • Trigger from a webhook - this option executes Recipe actions when webhooks are received. When a recipe is stopped, it will not process webhooks.

For our example, we will select Trigger from an app.

Your new Recipe design page will now open, with a trigger step ready to set up.

Step 2: Define a trigger

  1. From the right-side panel, select the app from which to select your trigger. Each app has a predefined list of triggers you can choose from.

    For our example, we will select Hunters > New Alert.

    image.png

  2. You’ll now be asked to connect to your account in the selected app.

    In our example, connect to your Hunters account:

    • Create a Hunters API token with a Customer role (or higher) following these guidelines.
    • Copy and paste the Client ID and Client secret provided in the token creation process.
    • Select your Region based on the region set up for you upon Hunters tenant creation.
    • Click Connect.

Step 3: Set up the trigger settings

You can configure your trigger using optional fields and conditions so that the Recipe will run only from a specific date or when certain conditions are met. Every trigger has different setting options.

📘Learn more

To view all optional fields, click Show optional fields, select all available fields and then click Apply changes.
image.png

Hunters triggers show the following settings:

  • Pick up events from - When starting the recipe for the first time, determine from which date the recipe will pick up records. Leave this field blank to fetch records created an hour ago. Once the recipe has been run or tested, this value cannot be changed.

  • Trigger poll interval - Determine how frequently to check for new events. The default and minimum value is 5 minutes, unless otherwise specified.

  • Set trigger conditions - Use conditions to run the Recipe only when specific conditions are met. Learn more here.

For our example, we will define a condition that will limit the Recipe to create Jira issues only for Hunters Alerts with a High risk score:

  1. Activate the Set trigger conditions toggle.
    image.png

  2. Under the IF condition, perform the following:

    • Click the Trigger data field to open a list of data items provided by the New Alert trigger. This list includes information related to the alert, such as its status, assignee, data sources and more.

    • From the list, select Risk.

    • In Condition, select equals, and under Value enter high.

image.png

You can continue to elaborate on this with other IF or AND conditions.

Step 4: Define an action

An action defines what will happen once the trigger is activated.

  1. To add an action, click the plus sign under ACTIONS.
    image.png

  2. Now, select what happens next from the options below:

    • Action in an app - select an action from a connected app, such as Hunters, Jira, or other services.

    • IF condition / IF/ELSE condition - define an action based only if certain conditions are met.

    • Repeat action - this option allows you to define an action that will repeat itself in specific conditions (for instance, for a list of items) until stopped.

    • Call function - this option allows you to trigger another recipe.

    • Stop job - ends a single job from being processed any further. It is usually used in cases when there is an error in the business logic and further processing of the job is not required and shouldn’t be used as a first action.

    • Handle errors - this option allows you to monitor for errors in actions, similar to the try/catch concept in programming languages.

    For our example, we will select Action in an app and then, from the right-side panel, Jira > Create issue.

  3. You’ll now be asked to connect to your account in the selected app.

    In our example, connect to your Jira account. You can connect with a username and password, API token, OAuth 2.0 or a personal access token.

  4. You can now customize the action based on the type of action selected. For instance, under Action in an app, you can customize the actions using fields from the app you’ve selected.

    For our example, use this article to learn about customizing your Jira action to your needs.

Step 5: Save and start your recipe

  1. Click Save then Exit.

  2. Click Start recipe.