When receiving alerts from multiple connectors in SecOps, which approach helps identify internal IP entities and assign a specific network name to trigger a playbook?

Enrich IP address entities as the initial step of the playbook. By resolving each IP to its internal context (drawing on your asset inventory or network map), you attach a specific internal network name to the IP. That enriched context lets the automation consistently identify which internal network the host belongs to and route the alert to the appropriate playbook for that network. This approach scales across multiple connectors because the enrichment normalizes disparate data into a single, actionable field, avoiding manual tweaks or per-connector configurations. Other methods rely on static settings or manual attribute changes, which are brittle and harder to maintain as assets and connectors evolve.