Flow Control Action Name | Icon |
---|---|
If | ![]() |
If else | ![]() |
Switch | ![]() |
Loop | ![]() |
While | ![]() |
Wait | ![]() |
Set variables | ![]() |
Note | ![]() |
Run On Error | ![]() |
End Run | ![]() |
If & If-Else Statements
If
statements in the Blink Platform play a crucial role in controlling the flow of workflows. They evaluate conditions by comparing values, and based on these comparisons, trigger specific actions. This allows workflows to respond dynamically to different scenarios. By incorporating AND and OR logic, if statements enable more complex decision-making, as they can assess multiple conditions simultaneously, providing greater flexibility in handling various situations.
true
or false
without running the nested actions. The If
statement: Determines the workflow’s direction based on whether a specified condition is true
.
The If-Else
statement: Determines the workflow’s direction based on whether a condition is true
or false
. If true
, the workflow follows one course of action; if false
, it follows an alternative course.
`If`- Use Case Example
`If`- Use Case Example

- The workflow is triggered when a new Gmail message is received.
- The system extracts URLs from the email.
- Each URL is scanned using VirusTotal (or another scanning tool).
-
The If statement checks if the scanned URL is flagged as “Malicious.”
- If true, the workflow notifies a Slack channel and deletes the email to prevent potential threats.
- If false, the workflow continues without taking these actions.
Switch Case
The Switch Case action allows you to compare a given value with a series of possible values and execute different blocks of actions based on the matching case value.
Flow Control Action Name | description |
---|---|
Switch case | The Switch Case includes a Switch Variable which is compared to a list of case values. If any of these case values matches the Switch Variable, it prompts the execution of a particular block of actions associated with that matching case value. |
Case | Each Case is a value that is compared against the Switch Variable if the value of the Switch Variable matches a Case value, the corresponding block of actions associated with that will be executed |
Actions | Within each case, you can choose any set of Actions to be performed. |
Case Default | The default case serves as a default output option and comes into play when the Switch Variable does not match any of the other Case values. |
Switch- Use Case Example
Switch- Use Case Example
Overview
In the provided workflow example, the Switch case action is used to implement conditional branching based on the incoming data from the Blink Web Form response trigger. It allows the workflow to take different paths depending on the value of a specified variable or condition.
Workflow Logic with Switch Case
Action
-
Switch Case Action:
- The workflow starts with a Switch case action that evaluates the user input from the web form response.
-
Case 1: Self-Service Actions
- If the web form submission indicates a self-service request, the workflow processes it by sending the request to the appropriate system and logging user feedback.
-
Case 2: Report an Issue
- If the submission is about reporting an issue, the workflow logs the report, creates an issue in Jira, and captures user feedback.
-
Default Case:
- If the request does not match any specific case, the workflow treats it as a general request, creates a ticket in Zendesk, and logs user feedback.
Loop - For Each
The ‘For Each’ loop executes an action or multiple actions for each element in a list.
Keywords
Keywords
Item
-
An item is an individual element in a list that is being looped through.
-
Accepted Values:
- String
- Numbers
- Variable
- List of JSON objects
-
Supported Formats:
- Comma-Separated: Example:
1,2,3,4
- Array Format: Example:
[1,2,3,'c']
- Comma-Separated: Example:
-
Accepted Values:
-
index - refers to the to variable that keeps track of the current iteration. By default the first iteration index is
0
- total_items- refers to the total number of items in the list.
Debugging a Loop
Debugging a Loop
Run All
, Run Next Item
and Reset
.- If you hover over the Run All action, a tooltip will appear explaining the starting index and the index the iteration will stop at.
- If you hover over the Run Next Index action, a tooltip will appear explaining the index that will run next.
Advanced Settings
Advanced Settings
- Start from Index allows you to start your loop at a specified index in your input list.
- Stop at Index allows you to end your loop at a specified index in your input list.
For Each Loop- Use Case Example
For Each Loop- Use Case Example
Overview
This workflow is designed to detect and respond to potentially malicious emails in Gmail. It starts when a new email arrives and extracts key details, including any URLs present in the email. The workflow then analyzes each URL to determine if it is malicious. If a malicious URL is found, the workflow takes automated response actions, such as notifying a channel and deleting the email.
Workflow Logic with For Each
Loop Action
The loop action iterates over each URL extracted from the email. Here’s how it works:- Extract URLs – The workflow retrieves all URLs from the email.
- Loop on Each URL – The loop action takes each URL one by one and processes it through the following steps:
- Scan URL – The URL is checked using a security service (e.g., VirusTotal).
- If Malicious – A condition checks if the scan result marks the URL as malicious.
- Notify & Delete – If malicious, the workflow notifies a designated channel (e.g., Slack) and deletes the email from Gmail.
While Loop
The ‘While’ action enables you to run an action or multiple actions for as long as specified conditions are met.
Advanced Settings
Advanced Settings
Do-While Loop
-
A
Do-while
loop ensures a step or multiple steps are executed at least once. After the initial execution, it repeatedly runs the subsequent steps of for as long as the specified conditions are met. -
You can enter the maximum amount of iterations you would like your
While
Loop orDo-while
loop to carry out.
While Loop- Use Case Example
While Loop- Use Case Example
Overview
This Splunk Suspicious File Alert workflow automates threat response by analyzing potentially malicious files detected by Splunk, creating a Jira issue, and checking VirusTotal for threat intelligence. If a file has more than three malicious detections, it prompts a security analyst via Slack to decide whether to isolate the affected endpoint using Cortex XDR.
Workflow Logic with While
Action
The while loop in the workflow is configured with the condition:If “malicious” is greater than 3, continue looping.- This means the workflow will repeatedly check if the number of malicious detections in the file report (from VirusTotal) exceeds 3. If this condition holds true, the loop will continue executing the steps inside it.
- A Slack message is sent to ask a question.
- If the answer equals “Isolate”, the endpoint is isolated using Cortex XDR.
Wait
The ‘Wait’ Action pauses the workflow for a set time before continuing to run the rest of the workflow. You can specify the wait time in seconds, minutes, or hours.
14
days. For more information please visit the Workflows Runtime Limitations section of our documentation.Variable type | Default value | |
---|---|---|
Wait For | 1. Time Interval, 2. Workflow Execution, 3. Web Form Response | |
Timeout | The time value- when reached, the step is completed and the workflow will continue | |
Time Unit | Seconds, Minute, or Hours. |

Wait for: Time Interval
Wait for: Time Interval
Wait for: Workflow Execution
Wait for: Workflow Execution
Wait For: Web Form Response
Wait For: Web Form Response
Set Variables 
The set variables Action enables users to define variables and use them in the execution of the Workflow.
Variable Type | Default value |
---|---|
Boolean | false |
Numeric | 0 |
String | "" |
List | [] |

'Set Variable' Action- Use Case Example
'Set Variable' Action- Use Case Example
Note
The ‘Note’ action provides a rich text editor that allows you to add helpful instructions, explanations, or contextual guidance for end-users within a Workflow. The text editor supports Markdown (md
) syntax. This action is useful for adding clarity to complex workflows, ensuring users understand the next steps or any important details.

Run - On Error
The Run - On Error action is used to handle errors that might occur during the execution of a workflow. It utilizes a dual-step structure, consisting of Run and On Error, designed to efficiently manage any errors that might arise while executing actions within the Run phase.
- Run: This step is designed for placing action(s) that contributes the overall Workflow sequence.
- On Error: If there is an error during Run block, the flow will automatically shift to the On Error block. In this block, specific actions are taken to address the error. The error JSON object will be made available within the On Error block to assist in handling the error.
Run- On Error- Use Case Example
Run- On Error- Use Case Example

Workflow Logic with Run - On Error
Action
- The workflow is triggered when a new user is added to a group in Okta.
- It retrieves the user’s email and asks an administrator (via Slack) if they authorized the action.
- If the admin denies responsibility, the workflow deactivates the user in Okta and notifies the security team.
- The On Error statement is a fail-safe mechanism that catches any unexpected issues (e.g., API failures, Slack/Okta connection issues, or execution errors).
- If an error occurs at any step, it sends a notification to the security group via Slack, alerting them to unusual activity.
End Run
The End Run Action enables you to select the final status of an execution, Completed or Failed.
End Run- Use Case Example
End Run- Use Case Example
Overview
This workflow identifies Google Drive files that are publicly accessible and enables file owners to revoke public access through a Slack prompt. If the file owner agrees to revoke access, the workflow removes the public sharing permission and ends the run with a Completed status.
Workflow Logic with End Run
Action
- The workflow iterates through users and their insecure (publicly shared) Google Drive files.
- For each insecure file, it asks the owner via Slack if they want to revoke public access.
- If the response is “Revoke Public Access” = true, the workflow proceeds to:
- Delete public permission from the file.
- End the run immediately with status Completed.
Purpose of Using “End Run”
- “End Run: Completed” is used to gracefully exit the workflow once the goal (removing public access) is achieved.
- It ensures no unnecessary steps run after successful revocation, while still marking the execution as successful