Fortinet white logo
Fortinet white logo

MISP v2.0.0

About the connector

The Malware Information Sharing Platform (MISP) tool facilitates the exchange of Indicators of Compromise (IOCs) about targeted malware and attacks, within your community of trusted members. MISP is a distributed IOC database containing technical and non-technical information. Exchanging such information should result in faster detection of targeted attacks and improve the detection ratio, and also reduce the number of false positives.

This document provides information about the MISP connector, which facilitates automated interactions, with a MISP server using FortiSOAR™ playbooks. Add the MISP connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating an event in MISP and adding attributes in MISP.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 6.4.1-2133 and 6.4.3-2885

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

The following enhancements have been made to the MISP connector in version 2.0.0:

  • Added the following new operations and playbooks;
    • Add Tag
    • Add Tag to Event
    • List All Tags
    • Remove Tag to Event
  • Updated the "Add Event" operation as follows:
    • Added the "Attribute Type" and "Attribute Value" parameters.
    • Removed the "Source IP", "Destination IP", "Domain", "Source Email", "Destination Email", "URL", "Other Attributes", "Use Attribute as an IDS Signature", "Attribute Distribution" and "Comment" parameters.
  • Updated the "Add Attribute to Event" operation as follows:
    • Added the "Attribute Type" and "Attribute Value" parameters.
    • Removed the "Source IP", "Destination IP", "Source Email", "Destination Email", "URL" and "Other Attributes" parameters.
  • Updated the "Run Search" operation as follows:
    • Added the "Filter" parameter.
    • Removed the "Maximum Results", "Event IDs", "Tags", "Attribute Type", "Category", "By UUID", "Only Published Events" and "Other Filters" parameters.
  • Deprecated the "Add Attributes to Event" and "Delete Attribute" operations and added new operations with the same names using the MISP API.
  • Added the output schema for the following operations:
    • Add Attributes to Event
    • Create Event
    • Get Event
    • Delete Event
    • Run Search

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:

yum install cyops-connector-misp

Prerequisites to configuring the connector

  • You must have the URL of the MISP server to which you will connect and perform the automated operations and the API key configured for your account for using this server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the MISP server.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the MISP connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server Name Hostname or IP address of the MISP server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the MISP server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from version 4.10.0 onwards:

Function Description Annotation and Category
Add Event Creates an event and adds the new event in MISP based on the event information and other input parameters you have specified. add_event
Investigation
Add Attributes to Event Adds specified attributes to an existing MISP event based on the event ID, attribute type and value, and other input parameters you have specified. . update_record
Investigation
Get Event Retrieves information about an event from MISP based on the event ID that you have specified. get_event
Investigation
Run Search Searches for events or attributes in MISP based on the input parameters that you have specified. run_search
Investigation
Delete Event Deletes an event from MISP based on the event ID that you have specified. delete_event
Miscellaneous
Delete Attribute from Event Deletes an attribute from a MISP event based on the attribute ID that you have specified. update_event
Miscellaneous
List All Tags Retrieves a list of all existing tags from MISP. get_tags
Investigation
Add Tag Adds a tag in MISP based on the tag name and other input parameters that you have specified. add_tag
Investigation
Add Tag to Event Adds a tag to an existing event in MISP based on the tag and event ID that you have specified. add_tag_to_event
Investigation
Remove Tag from Event Deletes the specified tag from an existing event in MISP based on the tag and event ID that you have specified. remove_tag_from_event
Investigation

operation: Add Event

Input parameters

Parameter Description
Event Information Brief description of the malware or event you are creating, including the internal reference for the event.
You can add a detailed description of the event by adding attributes to the event after the event is created.
Date (Optional) Date on which you want to create the event in MISP. The date must be in the yyyy/mm/dd format.
Distribution (Optional) Setting that controls on who can view this event once it is published and eventually when it gets pulled. Apart from being able to set which users on this server are allowed to see the event, this also controls whether or not the event will be synchronized to other servers.
You can choose between Your organization only, This community only, Connected communities, or All communities.
Threat Level (Optional) Indicates the risk level of the event.
You can categorize events into different threat categories, which are Low, Medium, or High. You can also alternatively leave this field as Undefined.
Analysis Status (Optional) Indicates the current stage of analysis of the event.
You can choose between Initial, Ongoing, or Completed.
Published Select this checkbox to publish the event in MISP.

Output

The JSON output contains the details of the newly added event.

The output contains the following populated JSON schema:
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}

operation: Add Attributes to Event

Input parameters

Parameter Description
Event ID ID of the MISP event to which you want to add attributes.
Category Category of the attribute that you want to add to the specific event in MISP. You can choose from options such as Internal reference, Network activity, Financial fraud, etc.
Attribute Type Type of attribute that you want to add to the specific event in MISP.
Attribute Value Value of the attribute that you want to add to the specific event in MISP.
Attribute Distribution (Optional)Setting controls on who can view this attribute once it is published. By default, "Inherit Event" is set, which means that this field inherits the distribution that is set on its parent event.
You can choose between Your organization only, This community only, Connected communities, or All communities or Inherit Event.
Use Attribute as an IDS Signature Select this checkbox if you want to add attributes for Intrusion Detection System (IDS) and this sets the to_IDS flag to True in MISP.
Comment (Optional) Comments that you want to add for the attributes. Comments are used for informational purposes only and not for correlations.

Output

The JSON output contains the details of the attributes added to the event based on the Event ID you have specified.

The output contains the following populated JSON schema:
{
"Attribute": {
"id": "",
"event_id": "",
"object_id": "",
"object_relation": "",
"category": "",
"type": "",
"value1": "",
"value2": "",
"to_ids": "",
"uuid": "",
"timestamp": "",
"distribution": "",
"sharing_group_id": "",
"comment": "",
"deleted": "",
"disable_correlation": "",
"first_seen": "",
"last_seen": "",
"value": ""
},
"AttributeTag": []
}

operation: Get Event

Input parameters

Parameter Description
Event ID ID of the event whose information you want to retrieve from MISP.

Output

The JSON output contains the details of the event based on the Event ID you have specified.

The output contains the following populated JSON schema:
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [
{
"id": "",
"type": "",
"category": "",
"to_ids": "",
"uuid": "",
"event_id": "",
"distribution": "",
"timestamp": "",
"comment": "",
"sharing_group_id": "",
"deleted": "",
"disable_correlation": "",
"object_id": "",
"object_relation": "",
"first_seen": "",
"last_seen": "",
"value": "",
"Galaxy": [],
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}

operation: Run Search

Input parameters

Parameter Description
Controller Specifies whether you want to search for Attributes or Events in MISP.
Filters (Optional) Filters based on which you want to search for attributes or events in MISP.
This parameter takes the input in the dict format, containing a key and value pair.
For example, {“values”:”8.8.8.8”, “not_values”:”google.com” }

Output

The JSON output contains details of the event(s) or attribute(s) that matches the query you have specified.

The output contains the following populated JSON schema:
{
"response": [
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}
]
}
{
"response": {
"Attribute": [
{
"id": "",
"event_id": "",
"object_id": "",
"object_relation": "",
"category": "",
"type": "",
"to_ids": "",
"uuid": "",
"timestamp": "",
"distribution": "",
"sharing_group_id": "",
"comment": "",
"deleted": "",
"disable_correlation": "",
"first_seen": "",
"last_seen": "",
"value": "",
"Event": {
"org_id": "",
"distribution": "",
"id": "",
"info": "",
"orgc_id": "",
"uuid": ""
}
}
]
}
}

operation: Delete Event

Input parameters

Parameter Description
Event ID ID of the event that you want to delete from MISP.

Output

The JSON output contains a status message specifying whether or not the event you have specified is deleted.

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"name": "",
"message": "",
"url": ""
}

operation: Delete Attribute from Event

Input parameters

Parameter Description
Attribute ID ID of the attribute that you want to delete from MISP.

Output

The JSON output contains a status message specifying whether or not the attribute you have specified is deleted.

The output contains the following populated JSON schema:
{
"message": ""
}

operation: List All Tags

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"Tag": [
{
"id": "",
"name": "",
"colour": "",
"exportable": "",
"org_id": "",
"user_id": "",
"hide_tag": "",
"numerical_value": "",
"count": "",
"attribute_count": "",
"favourite": ""
}
]
}

operation: Add Tag

Input parameters

Parameter Description
Tag Name Name of the tag you want to create in MISP.
Exportable Select this checkbox if you want to create an exportable tag in MISP.
Hide Tag Select this checkbox if you want to hide the created tag in MISP.
Organisation ID ID of the organization that you want to add to the tag that you are creating in MISP.
User ID ID of the user that you want to add to the tag that you are creating in MISP.

Output

The output contains the following populated JSON schema:
{
"Tag": {
"id": "",
"name": "",
"colour": "",
"exportable": "",
"org_id": "",
"user_id": "",
"hide_tag": "",
"numerical_value": ""
}
}

operation: Add Tag to Event

Input parameters

Parameter Description
Event ID ID of the MISP event to which you want to add the specified tag.
Tag Tag that you want to add to the specified event in MISP.

Output

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"check_publish": ""
}

operation: Remove Tag from Event

Input parameters

Parameter Description
Event ID ID of the MISP event from which you want to remove the specified tag.
Tag Tag that you want to remove from the specified event in MISP.

Output

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"check_publish": ""
}

Included playbooks

The Sample-MISP-2.0.0 playbook collection comes bundled with the MISP connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the MISP connector.

  • Add Attributes to Event
  • Add Event
  • Add Tag
  • Add Tag to Event
  • Delete Attribute from Event
  • Delete Event
  • Get Event
  • List All Tags
  • Remove Tag from Event
  • Run Search

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next

MISP v2.0.0

About the connector

The Malware Information Sharing Platform (MISP) tool facilitates the exchange of Indicators of Compromise (IOCs) about targeted malware and attacks, within your community of trusted members. MISP is a distributed IOC database containing technical and non-technical information. Exchanging such information should result in faster detection of targeted attacks and improve the detection ratio, and also reduce the number of false positives.

This document provides information about the MISP connector, which facilitates automated interactions, with a MISP server using FortiSOAR™ playbooks. Add the MISP connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating an event in MISP and adding attributes in MISP.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 6.4.1-2133 and 6.4.3-2885

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

The following enhancements have been made to the MISP connector in version 2.0.0:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:

yum install cyops-connector-misp

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the MISP connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server Name Hostname or IP address of the MISP server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the MISP server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from version 4.10.0 onwards:

Function Description Annotation and Category
Add Event Creates an event and adds the new event in MISP based on the event information and other input parameters you have specified. add_event
Investigation
Add Attributes to Event Adds specified attributes to an existing MISP event based on the event ID, attribute type and value, and other input parameters you have specified. . update_record
Investigation
Get Event Retrieves information about an event from MISP based on the event ID that you have specified. get_event
Investigation
Run Search Searches for events or attributes in MISP based on the input parameters that you have specified. run_search
Investigation
Delete Event Deletes an event from MISP based on the event ID that you have specified. delete_event
Miscellaneous
Delete Attribute from Event Deletes an attribute from a MISP event based on the attribute ID that you have specified. update_event
Miscellaneous
List All Tags Retrieves a list of all existing tags from MISP. get_tags
Investigation
Add Tag Adds a tag in MISP based on the tag name and other input parameters that you have specified. add_tag
Investigation
Add Tag to Event Adds a tag to an existing event in MISP based on the tag and event ID that you have specified. add_tag_to_event
Investigation
Remove Tag from Event Deletes the specified tag from an existing event in MISP based on the tag and event ID that you have specified. remove_tag_from_event
Investigation

operation: Add Event

Input parameters

Parameter Description
Event Information Brief description of the malware or event you are creating, including the internal reference for the event.
You can add a detailed description of the event by adding attributes to the event after the event is created.
Date (Optional) Date on which you want to create the event in MISP. The date must be in the yyyy/mm/dd format.
Distribution (Optional) Setting that controls on who can view this event once it is published and eventually when it gets pulled. Apart from being able to set which users on this server are allowed to see the event, this also controls whether or not the event will be synchronized to other servers.
You can choose between Your organization only, This community only, Connected communities, or All communities.
Threat Level (Optional) Indicates the risk level of the event.
You can categorize events into different threat categories, which are Low, Medium, or High. You can also alternatively leave this field as Undefined.
Analysis Status (Optional) Indicates the current stage of analysis of the event.
You can choose between Initial, Ongoing, or Completed.
Published Select this checkbox to publish the event in MISP.

Output

The JSON output contains the details of the newly added event.

The output contains the following populated JSON schema:
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}

operation: Add Attributes to Event

Input parameters

Parameter Description
Event ID ID of the MISP event to which you want to add attributes.
Category Category of the attribute that you want to add to the specific event in MISP. You can choose from options such as Internal reference, Network activity, Financial fraud, etc.
Attribute Type Type of attribute that you want to add to the specific event in MISP.
Attribute Value Value of the attribute that you want to add to the specific event in MISP.
Attribute Distribution (Optional)Setting controls on who can view this attribute once it is published. By default, "Inherit Event" is set, which means that this field inherits the distribution that is set on its parent event.
You can choose between Your organization only, This community only, Connected communities, or All communities or Inherit Event.
Use Attribute as an IDS Signature Select this checkbox if you want to add attributes for Intrusion Detection System (IDS) and this sets the to_IDS flag to True in MISP.
Comment (Optional) Comments that you want to add for the attributes. Comments are used for informational purposes only and not for correlations.

Output

The JSON output contains the details of the attributes added to the event based on the Event ID you have specified.

The output contains the following populated JSON schema:
{
"Attribute": {
"id": "",
"event_id": "",
"object_id": "",
"object_relation": "",
"category": "",
"type": "",
"value1": "",
"value2": "",
"to_ids": "",
"uuid": "",
"timestamp": "",
"distribution": "",
"sharing_group_id": "",
"comment": "",
"deleted": "",
"disable_correlation": "",
"first_seen": "",
"last_seen": "",
"value": ""
},
"AttributeTag": []
}

operation: Get Event

Input parameters

Parameter Description
Event ID ID of the event whose information you want to retrieve from MISP.

Output

The JSON output contains the details of the event based on the Event ID you have specified.

The output contains the following populated JSON schema:
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [
{
"id": "",
"type": "",
"category": "",
"to_ids": "",
"uuid": "",
"event_id": "",
"distribution": "",
"timestamp": "",
"comment": "",
"sharing_group_id": "",
"deleted": "",
"disable_correlation": "",
"object_id": "",
"object_relation": "",
"first_seen": "",
"last_seen": "",
"value": "",
"Galaxy": [],
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}

operation: Run Search

Input parameters

Parameter Description
Controller Specifies whether you want to search for Attributes or Events in MISP.
Filters (Optional) Filters based on which you want to search for attributes or events in MISP.
This parameter takes the input in the dict format, containing a key and value pair.
For example, {“values”:”8.8.8.8”, “not_values”:”google.com” }

Output

The JSON output contains details of the event(s) or attribute(s) that matches the query you have specified.

The output contains the following populated JSON schema:
{
"response": [
{
"Event": {
"id": "",
"orgc_id": "",
"org_id": "",
"date": "",
"threat_level_id": "",
"info": "",
"published": "",
"uuid": "",
"attribute_count": "",
"analysis": "",
"timestamp": "",
"distribution": "",
"proposal_email_lock": "",
"locked": "",
"publish_timestamp": "",
"sharing_group_id": "",
"disable_correlation": "",
"extends_uuid": "",
"event_creator_email": "",
"Org": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Orgc": {
"id": "",
"name": "",
"uuid": "",
"local": ""
},
"Attribute": [],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [],
"Object": []
}
}
]
}
{
"response": {
"Attribute": [
{
"id": "",
"event_id": "",
"object_id": "",
"object_relation": "",
"category": "",
"type": "",
"to_ids": "",
"uuid": "",
"timestamp": "",
"distribution": "",
"sharing_group_id": "",
"comment": "",
"deleted": "",
"disable_correlation": "",
"first_seen": "",
"last_seen": "",
"value": "",
"Event": {
"org_id": "",
"distribution": "",
"id": "",
"info": "",
"orgc_id": "",
"uuid": ""
}
}
]
}
}

operation: Delete Event

Input parameters

Parameter Description
Event ID ID of the event that you want to delete from MISP.

Output

The JSON output contains a status message specifying whether or not the event you have specified is deleted.

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"name": "",
"message": "",
"url": ""
}

operation: Delete Attribute from Event

Input parameters

Parameter Description
Attribute ID ID of the attribute that you want to delete from MISP.

Output

The JSON output contains a status message specifying whether or not the attribute you have specified is deleted.

The output contains the following populated JSON schema:
{
"message": ""
}

operation: List All Tags

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"Tag": [
{
"id": "",
"name": "",
"colour": "",
"exportable": "",
"org_id": "",
"user_id": "",
"hide_tag": "",
"numerical_value": "",
"count": "",
"attribute_count": "",
"favourite": ""
}
]
}

operation: Add Tag

Input parameters

Parameter Description
Tag Name Name of the tag you want to create in MISP.
Exportable Select this checkbox if you want to create an exportable tag in MISP.
Hide Tag Select this checkbox if you want to hide the created tag in MISP.
Organisation ID ID of the organization that you want to add to the tag that you are creating in MISP.
User ID ID of the user that you want to add to the tag that you are creating in MISP.

Output

The output contains the following populated JSON schema:
{
"Tag": {
"id": "",
"name": "",
"colour": "",
"exportable": "",
"org_id": "",
"user_id": "",
"hide_tag": "",
"numerical_value": ""
}
}

operation: Add Tag to Event

Input parameters

Parameter Description
Event ID ID of the MISP event to which you want to add the specified tag.
Tag Tag that you want to add to the specified event in MISP.

Output

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"check_publish": ""
}

operation: Remove Tag from Event

Input parameters

Parameter Description
Event ID ID of the MISP event from which you want to remove the specified tag.
Tag Tag that you want to remove from the specified event in MISP.

Output

The output contains the following populated JSON schema:
{
"saved": "",
"success": "",
"check_publish": ""
}

Included playbooks

The Sample-MISP-2.0.0 playbook collection comes bundled with the MISP connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the MISP connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

Previous
Next