Trigger a workflow

You can trigger a workflow manually or automatically.

A workflow can either run with the identity of the user who owns it, or with the identity of a service account associated to the Workflow. For more information on service accounts, see Service accounts for Workflows.

Manually trigger a workflow

To trigger a workflow manually:

  1. From the workflow page, click Run.
  2. Enter the values for existing trigger variables.
  3. When you’re ready to run the workflow, click Save & Run.

Trigger a workflow from a Dashboard

To trigger a workflow from a Dashboard, add the Run Workflow widget:

  1. From your Dashboard, click Add Widget.
  2. Search for workflows and add the Run Workflow widget.
  3. Under Select the workflow, find your workflow in the dropdown menu.
  4. Map dashboard template variables to workflow input parameters. This allows the values of your dashboard template variables to be mapped directly to the input parameters when you run the workflow.
  5. Enter a title for the widget and click Save.
Click Run Workflow to trigger a workflow from Dashboard widget.

To run the workflow:

  1. Click Run Workflow on your dashboard widget.
  2. Under Execution parameters, any template variables you mapped to workflow inputs are automatically populated. Enter the values for any unmapped execution parameters, or edit the existing values if needed.
  3. Click Run to run the workflow.

Trigger a workflow from a Monitor

To trigger a workflow from a Monitor:

  1. On the workflow canvas, click Add an Automated Trigger and select @mention.
  2. Save your Workflow.
  3. Navigate to the Monitors page in Datadog.
  4. Find the monitor you’d like to use to trigger the workflow and edit it, or create a new monitor.
  5. In the message section, add the full workflow mention name:
    • The mention name should start with @workflow-. For example, @workflow-my-workflow
    • To pass trigger variables into the workflow, use a comma-separated list with the syntax @workflow-name(key=value, key=value). For example, @workflow-my-workflow(name="Bits", alert_threshold=threshold)
  6. Save the monitor.
Add a monitor trigger to the message section of a Monitor

Each time the monitor threshold is hit, the monitor triggers a workflow run.

Trigger a workflow from a Security Signal

You can trigger a Workflow automatically for any Security Signal, or manually trigger a Workflow from a Cloud SIEM Security Signal panel.

Trigger a workflow automatically from Security Signal Notification Rules

You can set up a workflow to trigger every time a Security Signal Notification Rule fires.

To trigger a workflow from a Notification Rule:

  1. On the workflow canvas, click Add an Automated Trigger and select @mention.
  2. Next to @workflow-, enter a mention name for the trigger. Your mention name must be unique.
  3. Save your Workflow.
  4. From the Setup & Configuration page, find the Detection Rule you’d like to use to trigger your workflow, or create a new rule.
  5. In the Recipient section, add the full workflow mention name. For example, @workflow-my-workflow.
  6. Click Save and Activate.
Add the workflow name to the recipient section of a Notification rule

Each time the Notification Rule fires, it triggers a workflow run.

Trigger a workflow manually from Cloud SIEM Security Signals

You can manually start a workflow from a Cloud SIEM Security Signal panel.

  1. Click Run Workflow at the top of the Security Signal panel.
  2. In the search modal, enter the name of the workflow you want to run. Select the workflow.
  3. If your workflow requires input parameters, enter the values as required. You can copy the values from the Signal object JSON displayed next to the input parameters, and paste them into the parameter fields.
  4. Click Run.
  5. You can see the workflow run status in the Workflow section of the Security Signal.

Trigger a workflow on a schedule

To schedule a workflow run:

  1. On the workflow canvas, click Add an Automated Trigger and select Schedule.
  2. Click Create to create a service account. For more information, see Service Accounts for Workflows.
  3. Enter a time and frequency for the run.
  4. (Optional) Enter a description for the workflow in the Memo field.
  5. Click Save.

Debug a workflow

After you trigger a workflow, the workflow page switches to the Debug view. You can also manually toggle between the Build and Debug views.

Use the Debug view to watch the progress of a triggered workflow, or debug a failed step. Clicking on a failed step gives you the inputs, outputs, and execution context for the step, as well as the associated error message. The example below shows a failed GitHub team membership step. The error message shows that the step failed due to missing permissions:

A workflow with a failed step.

The initial Debug view for a workflow provides a panel with the list of previous workflow executions and whether each execution succeeded or failed. Failures include a link to the failed workflow step. Click on a workflow execution in the list to inspect it. You can return to the initial execution history at any time by clicking on the workflow canvas.

Further reading

Additional helpful documentation, links, and articles:

Find out more about Service Accounts for workflowsDOCUMENTATION more more Find out more about setting up a dashboardDOCUMENTATION more more Find out more about Security SignalsDOCUMENTATION more more Find out more about MonitorsDOCUMENTATION more more