The GenericPolling playbook is used as a sub-playbook to block the execution of the master playbook until the remote action is complete. There are a number of playbooks that use the GenericPolling playbook that come out of the box or are installed from a content pack, such as:
Cortex Polling - Generic: Polls a context key to check if a specific value exists.
Field Polling - Generic: Polls a field to check if a specific value exists.
QRadarFullSearch: Runs a QRadar query and returns its results to the context.
Scan Assets - Nexpose: Scans according to asset IP addresses or host names from Rapid7 Nexpose, and waits for the scan to finish by polling the scan status in pre-defined intervals.
Generally, polling is used in the following circumstances:
File detonation in a sandbox
URL detonation
Queries that take a long time to complete
The answer is B, D
Answer C&D:
GenericPolling playbooks: These playbooks are designed to execute a set of tasks repeatedly until a specific condition is met. This is particularly useful for scenarios where continuous monitoring or periodic checks are necessary until a certain outcome is achieved, such as verifying if an external process is complete or waiting for a response from an integrated system.
Playbook tasks: Within playbooks, tasks can be configured to loop based on conditions. This includes conditional tasks that can re-execute a group of tasks depending on the results of previous tasks. Sub-playbooks can also be looped through, which involves configuring the sub-playbook to repeat until a condition is satisfied or a maximum number of iterations is reached.
guyash
1 week, 3 days ago
LAFJ
4 months, 3 weeks ago
[Removed]
6 months ago
5688ac9
6 months, 1 week ago