Customization in Infinity Playblocks

Infinity Playblocks provides flexible customization options to tailor automations according to your organization's needs. These are the primary methods to create or customize automations:

Creating Automation from Blank

Creating an automation from blank allows you to build fully customized flows from scratch, tailoring every step to your specific use case.

To create an automation from blank:

  1. Access Infinity Playblocks and go to Automations.

  2. Click New and select Start from blank.

    A new automation window appears.

  3. Click the box to add a trigger.

  4. Select a trigger:

    • Log Trigger - To monitor specific log types with optional filters and time intervals. See Log Trigger.

    • Schedule Trigger - To execute the automation at defined time intervals. See Schedule Trigger.

  5. Click Add.

Log Trigger

In the Log Trigger window:

  1. In the General tab:

    1. From the Type list, select the log type:

      • Logs

      • Audit

      Note - An additional option, Events, is available if you select Quantum SD-WAN as the source product.

    2. From the Get logs from list, select the source product for the logs.

      Note - For Quantum products, there are two options:

      1. Quantum Management (Infinity Portal)

        Opens the cloud logs view (requires Smart-1 Cloud or Log Sharing).

      2. Quantum Management (Self-Hosted Log Server)

        Opens a manual input for filter text.

      Additional products that support filter editing via the cloud logs view are:

      • Harmony Endpoint

      • Harmony Email & Collaboration

      • Harmony SASE

      • SD-WAN

      • CloudGuard WAF

    3. In the Filter field, choose the filter from the product logs.

    4. From the Interval list, select how often Infinity Playblocks will search for matching logs.

    5. (Optional) In the Condition section, add criteria to refine when the automation is triggered.

      This enables more tailored log monitoring and precise automation triggers. The automation will only be triggered when all conditions are met. The condition types available are:

      • Count the Number of Logs

        • Count distinct or count occurrences within a field

          For example, trigger automation if logs are found from three different sources.

        • Option to save values for later use

      • File/IP/URL is Malicious

        Uses Check Point Reputation Service to verify if values are flagged as malicious.

      • Skip log if value exists in list

        Skips the log if the field value (for example, an IP address) already exists in a predefined list.

      • Admin is external

        Checks whether the admin field in the log is an external user.

      • Fields exist in log

        Ensures specified fields are present.

      • Field is matched to specific value

        Compares a field to an expected value.

      • Field is IP address

        Validates that a field contains a valid IP address.

      • Suppress logs

        Prevents triggering based on repeated matches.

  2. In the Example output tab:

    • If logs matching your filter were found in the last 24 hours, the system displays an example log.

    • Otherwise, you can manually define an example to enable use of log fields:

      1. Click New example.

      2. Enter a name and click Create.

      3. Paste your example sample text.

      4. Click Save.

  3. Click Create.
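The Condition options in the Log Trigger steps above combine so that the trigger fires only when all of them hold. The following added example is not Check Point code: it is a simplified Python model, with assumed field names (`src`, `action`), an assumed configuration layout, constructed logs, and Suppress logs modelled as a quiet period, showing how several condition types narrow one interval's logs before a trigger fires.

```python
import ipaddress

# Assumed configuration; keys and field names are illustrative, not product schema.
CFG = {"required_fields": ["src", "action"], "match": {"action": "Drop"},
       "ip_field": "src", "skip_list": {"203.0.113.10"},
       "min_distinct": 3, "suppress_secs": 600}

# Constructed sample logs for one polling interval.
LOGS = [
    {"src": "203.0.113.10", "action": "Drop"},    # skipped: value is in the list
    {"src": "198.51.100.7", "action": "Drop"},
    {"src": "198.51.100.7", "action": "Drop"},    # same source, counted once
    {"src": "198.51.100.8", "action": "Accept"},  # field does not match value
    {"src": "not-an-ip", "action": "Drop"},       # not a valid IP address
    {"src": "198.51.100.9", "action": "Drop"},
    {"src": "192.0.2.44", "action": "Drop"},
    {"action": "Drop"},                           # required field missing
]

def is_ip(value):
    """'Field is IP address': accept only a valid IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def log_passes(log, cfg):
    """Per-log conditions; all of them must hold."""
    value = log.get(cfg["ip_field"])
    return (all(f in log for f in cfg["required_fields"])              # Fields exist in log
            and all(log.get(k) == v for k, v in cfg["match"].items())  # Field matched to value
            and is_ip(value)                                           # Field is IP address
            and value not in cfg["skip_list"])                         # Skip log if value in list

def evaluate(logs, cfg, last_fired, now):
    """Return (triggered, saved_values) for one interval; times are in seconds."""
    kept = [log for log in logs if log_passes(log, cfg)]
    distinct = sorted({log[cfg["ip_field"]] for log in kept})          # Count distinct, save values
    if len(distinct) < cfg["min_distinct"]:
        return False, distinct
    # Suppress logs, modelled here (assumption) as a quiet period after the last trigger.
    if last_fired is not None and now - last_fired < cfg["suppress_secs"]:
        return False, distinct
    return True, distinct

if __name__ == "__main__":
    print(evaluate(LOGS, CFG, None, 1000))
```

Only three of the eight constructed logs contribute distinct sources, which is exactly the threshold; removing any one of them, or re-running inside the quiet period, leaves the automation untriggered.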

Schedule Trigger

In the Schedule Trigger window:

  1. In the General tab, from the Repeats list, select how often the trigger runs the automation:

    • Monthly - Runs the automation every X months, on specified days.

    • Weekly - Runs the automation on selected weekdays, at a specific time.

    • Daily - Runs the automation every X days, at a set time.

    • Hourly - Runs the automation every X hours.

  2. Click Create.

Managing Trigger

  1. Hover over the End button in your trigger.

    It changes to +.

  2. Click +.

  3. Select the required option:

Notifications

  1. In Notifications, select one of these:

    • Notify

      1. To send a notification with customizable subject and message content, select Notify.

      2. Click Add.

        The Notify window appears.

      3. Enter these:

        1. Subject - Text combined with dynamic values from previous steps or automation parameters.

        2. Message - Text combined with dynamic values from previous steps or automation parameters.

        3. (Optional) Send event details - Include selected event data from the outputs of the current or previous steps, or from the automation parameters.

        4. Notification profile - Select the notification profile of the step.

      4. Click Create.

    • Ask

      1. To send a customizable message that prompts a user response, select Ask.

      2. Click Add.

        The Ask window appears.

      3. Enter these:

        1. Subject - Text combined with dynamic values from previous steps or automation parameters.

        2. Message - Text combined with dynamic values from previous steps or automation parameters.

        3. (Optional) Send event details - Include selected event data from the outputs of the current or previous steps, or from the automation parameters.

        4. Options and Defaults - Define user response options and a default fallback in case of timeout.

        5. Notification profile - Select the notification profile of the step.

      4. Click Create.

    • Open Ticket

      1. To create a ticket, select Open Ticket.

      2. Click Add.

        The Open Ticket window appears.

      3. Enter these:

        1. Subject - Configure the ticket subject, with the option to add fields from the outputs of the current or previous steps and from the automation parameters.

        2. Description - Configure the ticket description, with the option to add fields from the outputs of the current or previous steps and from the automation parameters.

        3. (Optional) Send event details - Choose whether to send event details, and select specific details from the outputs of the current or previous steps, or from the automation parameters.

      4. Click Create.

Enrichments

Enrichment steps query Check Point Reputation Service to return relevant data for IP addresses, URLs, or file hashes from previous step outputs. Each enrichment provides threat intelligence about the value being checked.

  1. In Enrichments, select one of these:

    • Enrich IP

      1. To return data for an IP address, select Enrich IP.

      2. Click Add.

        The Enrich IP window appears.

      3. Enter an IP address selected from the outputs of previous steps. The system returns the following information:

      4. Click Create.

    • Enrich URL

      1. To return data for a URL, select Enrich URL.

      2. Click Add.

        The Enrich URL window appears.

      3. Enter a URL selected from the outputs of previous steps. The system returns the following information:

      4. Click Create.

    • Enrich File

      1. To return data for a file hash, select Enrich File.

      2. Click Add.

        The Enrich File window appears.

      3. Enter a file hash selected from the outputs of previous steps. The system returns the following information:

      4. Click Create.

Conditions

Conditions are used to create branches in the automation flow based on logical evaluations.

  1. In the Conditions tab, select Condition.

  2. Click Add.

    The My Condition window appears.

  3. Specify these:

    1. Expression 1

    2. Operation:

      • Equal to

      • Not equal to

      • Greater than

      • Greater than or equal to

      • Less than

      • Less than or equal to

    3. Expression 2

    Both expressions can use static values or outputs from previous steps. Define what happens when the condition is met or not met.

Actions

  1. In the Actions tab, select Run Automation.

    1. Click Add.

      The Run Automation window appears.

    2. In the General tab, from the Automation name list, select one of these and specify the automation parameters and Input:

      • Block External IP:

        • Block reason

        • IP block duration

        • Notification message

        • Notification message (not added)

        • Notification subject

        • Notification subject (not added)

        • Block IP

        • Notification profile (IP was blocked)

        • Notification profile (IP was not blocked)

      • Quarantine Internal IP

        • Quarantine reason

        • IP quarantine duration

        • Notification message

        • Notification message (not added)

        • Notification subject

        • Notification subject (not added)

        • Open ticket if device IP was quarantined

        • Quarantine IP

        • Notification profile (Device IP was quarantined)

        • Notification profile (Device IP was not quarantined)

      • Open ticket and notify

        • Open ticket

        • ServiceNow ticket type

        • Jira ticket type

        • Notification subject

        • Notification message

        • Ticket subject

        • Ticket description

        • Notification profile

      • Isolate endpoint device

        • Device isolation duration

        • Notification subject

        • Notification message

        • Open ticket if device was isolated

        • type

        • deviceName

        • deviceIp

        • machineId

        • comment

        • Notification profile

    3. Click Create.

  2. Select Add to list and then click Add:

    The Add to list window appears.

    1. Specify these:

      1. IP/URL/Domain/Hash - A value of type IP, URL, Domain, or Hash from the outputs of previous steps.

      2. Add to list

      3. Unless in list

      4. Duration

      5. Reason

    2. Click Create.

  3. Select Create IOC Management Indicators and then click Add:

    The Create IOC Management Indicators window appears.

    1. Specify these:

      1. Indicators

      2. Expiration in days

    2. Click Create.

Exporting/Importing Automation

You can export and import an automation in JSON format.

  1. To export an automation:

    • In the card view, click in an automation card that you want to export and then click Export.

    • In the table view, select the automation that you want to export and then click Export.

  2. To import an automation, click New.

  3. Select Import automation file.

    The Import automation file window appears.

  4. Choose the .json file from your local drive.

  5. Click Apply.

Cloning Existing Automation

You can clone an existing automation for editing and customization. To do that:

  • In the card view, click in an automation card that you want to clone and then click Clone.

  • In the table view, select the automation that you want to clone and then click Clone.

Automation Capabilities

Out-of-the-Box Automations

Use Case

Default automations provided by the system.

Abilities

  • Update automation parameter values

  • Update notification profiles

  • Reset parameters

Editing Restrictions

  • Cannot edit steps

  • Cannot change structure or metadata

Cloned Automations – Not Exported but Exportable

Use Case

Cloned from out-of-the-box automations without structural changes.

Abilities

  • Update metadata and step content

  • Add/remove steps from the end of the graph

  • Reset parameters

Editing Restrictions

  • Cannot change structure in the middle of the graph

  • Notification profile menu is unavailable

Fully Custom or Modified Automations – Exported and Exportable

Use Case

Cloned and modified, or created from blank, import, or AI.

Abilities

  • Full metadata and step updates

  • Add/remove steps from the end of the graph

Editing Restrictions

  • Cannot reset parameters

  • Notification profile menu is unavailable

Cloned Automations – Not Exported or Exportable

Use Case

Limited to 3 default automations:

  • Notify on high rate of blocked connections

  • Repeated Remote Access login to expired accounts

  • Repeated Remote Access login failures (password-only)

Abilities

  • Update metadata

  • Update step content

  • Reset parameters

Editing Restrictions

  • Cannot add/remove steps

  • Notification profile menu is unavailable