SumoLogic
diff --git a/‎docs/platform-services/automation-service/intro-to-automation-service.md‎
Lines changed: 23 additions & 8 deletions b/‎docs/platform-services/automation-service/intro-to-automation-service.md‎
Lines changed: 23 additions & 8 deletions
diff --git a/‎static/img/platform-services/automation-service/intro-add-automated-playbook.png‎
96.6 KB b/‎static/img/platform-services/automation-service/intro-add-automated-playbook.png‎
96.6 KB
diff --git a/‎static/img/platform-services/automation-service/intro-playbook-results.png‎
53.7 KB b/‎static/img/platform-services/automation-service/intro-playbook-results.png‎
53.7 KB
@@ -186,9 +186,7 @@ Now that those integrations are configured, let’s use the Automation Service t
    1. The playbook runs. If errors occur, click the nodes with errors and [troubleshoot the playbook](/docs/platform-services/automation-service/automation-service-playbooks/#troubleshoot-playbooks).<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-test-playbook-results.png')} alt="Test playbook results" style={{border: '1px solid gray'}} width="800" />
    1. After the playbook runs, the email recipient should get an email that looks like this:<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-test-playbook-email.png')} alt="Test playbook email" style={{border: '1px solid gray'}} width="500" />
 
-Congratulations. You have now successfully created a playbook in Sumo Logic's Automation Service.
-
-### Create a custom automation to run your Cloud SIEM insights playbook
+#### Create a custom automation to run your Cloud SIEM insights playbook
 
 Now that you've created a playbook as described in the [previous section](#create-a-playbook-for-cloud-siem-insights), let’s use Cloud SIEM to create an automation to run it. A [Cloud SIEM automation](/docs/cse/automation/) allows you to automatically run a playbook based on a trigger, such as an insight being created or closed. 
 
@@ -203,7 +201,7 @@ This way, potentially the entire incident response cycle can now be automated: a
 1. Note that the checkboxes under the **Execution** field show that you can trigger your automation when an insight is created or closed. For this exercise, however, select **Manually Done**. 
 1. Click **Save** when finished.<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-new-automation.png')} alt="New automation" style={{border: '1px solid gray'}} width="400" />
 
-### Test your Cloud SIEM automation
+#### Test your Cloud SIEM automation
 
 To test the automation you created in the [previous section](#create-a-custom-automation-to-run-your-cloud-siem-insights-playbook), run it on a Cloud SIEM insight:
 
@@ -216,9 +214,9 @@ To test the automation you created in the [previous section](#create-a-custom-au
 1. Click the **View Playbook** to see more details about the playbook's execution, such as an explanation about any errors that occurred. (See [Troubleshoot playbooks](/docs/platform-services/automation-service/automation-service-playbooks/#troubleshoot-playbooks) for help if your playbook run has problems.)<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-playbook-view-of-results.png')} alt="Results of automation in the playbook view" style={{border: '1px solid gray'}} width="800" />
 1. If the automation execution was successful, and you included your email in the playbook email notification when you created, your inbox should have an email from the Cloud SIEM system with the insight details as designed in the playbook.<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-test-playbook-email-2.png')} alt="Test playbook email" style={{border: '1px solid gray'}} width="500" />
 
-Congratulations. You now have a custom automation that can be manually run or attached to insight creation or closing.
+You now have a custom automation that can be manually run or attached to insight creation or closing.
 
-### Create a playbook for monitoring
+### Create a playbook for alerting
 
 Cloud SIEM isn’t the only application that can use playbooks from the Automation Service. You can also use [automated playbooks in monitors](/docs/alerts/monitors/use-playbooks-with-monitors/). In this section, we'll create a playbook that will be triggered when an alert is generated by a monitor within Sumo Logic's Log Analytics Platform.
 
@@ -274,6 +272,23 @@ For this playbook let’s presume we have some AWS EC2 instances that are being
 1. Connect the **Resolve Alert** node to the **End** node. Your completed playbook will look more or less like the following:<br/><img src={useBaseUrl('img/platform-services/automation-service/intro-alerts-playbook.png')} alt="Completed alert playbook" style={{border: '1px solid gray'}} width="700" />
 1. At the bottom of the screen, click the **Publish** (clipboard) icon next to the **Edit** (pencil) icon to publish your playbook.
 
-Congratulations. You have now created a playbook for alerting.
+#### Attach your playbook to a monitor
+
+Now that you have created a playbook for alerting, follow the directions in [Add an automated playbook to a monitor](/docs/alerts/monitors/use-playbooks-with-monitors/#add-an-automated-playbook-to-a-monitor) to add the playbook to a monitor for your AWS EC2 instances. When the alert triggers, it will run the playbook.
+
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Monitors**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Alerts > Monitors**. You can also click the **Go To...** menu at the top of the screen and select **Monitors**.
+1. In the **Monitors** screen, select the EC2 monitor you want to attach your "AWS EC2 alert" playbook to. For example, if you have installed the [AWS Observability Solution](/docs/observability/aws/), you could open the **AWS Observability Monitors** folder and select the **AWS EC2 - High Total CPU Utilization** monitor.
+1. Click **Edit** in the monitor details pane.
+1. Scroll down to the **Playbooks** section, and in the **Automated Playbooks** field select the "AWS EC2 alert" you created above in [Create a playbook for alerting](#create-a-playbook-for-alerting). <br/><img src={useBaseUrl('img/platform-services/automation-service/intro-add-automated-playbook.png')} alt="Add automated playbook to a monitor" style={{border: '1px solid gray'}} width="700" />
+1. Click **Save**.
+
+Saving the monitor with this configuration will run the playbook automatically whenever the alert is triggered.
+
+#### View the playbook in an alert
+
+When the monitor you configured in the previous section triggers an alert, the playbook attached to the monitor runs. To see the results of the playbook execution, open the alert that was triggered.
 
-Now that you have created a playbook for alerting, follow the directions in [Add an automated playbook to a monitor](/docs/alerts/monitors/use-playbooks-with-monitors/#add-an-automated-playbook-to-a-monitor) to add the playbook to a monitor for your AWS EC2 instances. When the alert triggers, it will run the playbook.
+1. To get to your alert list, from the [**New UI**](/docs/get-started/sumo-logic-ui), select **Alerts > Alert List**. From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), click the bell icon in the top menu.
+1. Select the alert triggered by the monitor that has the playbook attached.
+1. On the alert details page, click **Playbooks** in the upper right corner. This opens a sidebar listing the playbook attached to the monitor. <br/><img src={useBaseUrl('img/platform-services/automation-service/intro-playbook-results.png')} alt="Playbook on an alert" style={{border: '1px solid gray'}} width="400" />
+1. Click the playbook link in the sidebar. This opens the playbook results page in another browser tab, showing you the results of each playbook action. If the playbook ran with errors, see [Troubleshoot playbooks](/docs/platform-services/automation-service/automation-service-playbooks/#troubleshoot-playbooks) for help.