Workflows are a core component within InsightConnect, so if you’re diving into the tool now it can help to start off with a basic understanding of what exactly they are and how they work. Here’s our quick definition of a workflow:
A workflow is a series of steps executed to help streamline and automate processes.
In other words, workflows are built to get things done. Think of them as a representation of some manual process that you do in the real world - in automated form. Maybe that manual process is deploying a patch, blocking a host, or posting an alert. Or any other number of things.
Whatever the case may be, all workflows consist of a couple main components - triggers and steps. If we look at this example of a workflow below, we can see the trigger marked in red and the steps marked in blue.
A trigger is what kick-starts the workflow. It’s the configured event that causes the workflow to execute. That could be a timer you’ve setup, or a Slack message you send to your integrated workflow chatbot, or some type of event tied to another tool you’re using. Note that workflows will only have one trigger.
In the case of our example workflow above, the trigger is an email that’s received. So whenever an email is received at a particular inbox that we’ve configured, this workflow runs.
A step is everything else within your workflow, designed to accomplish a task or process you have in mind. Steps can perform actions - lookup an IP, create a new ticket, ping a host, send an email - all in the context of the other tools you’re using. They can also perform logic - filter some data, make a decision, or iterate over your data to do something to each piece of it.
In our workflow example, the steps are doing some processing for the email we received. One step sends a Slack notification, the next extracts URLs from that email, and the next does additional processing on those URLs.
So there we are - a simple overview of what an InsightConnect workflow is. If you’re trying to build your own workflow for the very first time, remember:
- Think about your trigger. What should cause this workflow to start? What makes you start this process in the real world?
- Break your process down into individual pieces. What’s the first thing you do? What’s the last thing you do? What are the steps needed in-between to get there?