Create incident with Script

YilmazDincer — Wed, 19 Jul 2023 12:07:37 GMT

Hi all,

I am creating an incident with script as following:

uri = f'/incident' body = { "name": incident_name, "type": incident_type, "createInvestigation": True, #"rawJSON": json.dumps({'hello': 'test'}) } return execute_command('demisto-api-post', {'uri': uri, 'body': body}, fail_on_error=False)

and i want to use a field that type is json. My purpose when i create an incident, i want to send args for playbook (if I give an input in rawjson, I can reach the result with the operations I will do here.) For example -> rawJSON: {"password":"defaultpassword"} and in playbook, I can get these on the playbook.

But rawJson doesn't work. Do you have any idea?

Re: Create incident with Script

MBeauchamp2 — Wed, 19 Jul 2023 14:54:16 GMT

Far as I know the /incident doesn't accept the rawJSON, you gotta build the body and send in the fields you want, example below.

Better option is to use /incident/json endpoint as this will accept a raw json body, and you and then add a Classifier and Mapper to it via Settings -> Objects Setup -> Incidents -> Classifiers and Mappers -> API Endpoints (3 dots on right side) -> Incident API.

/incident/json body example:

body = {

"name": "json incident",

"type":"xsoar incident type",

"key1":"ready key one",

"key2":"ready key two"

}

/incident API body example

# body of the Incident, with all the fields we want to map.

# createInvestigation = True is required to have the playbook run automatically

body = {

"severity":1,

"owner":"admin",

"CustomFields": {

"eventtype":"Test API"

"type":"Unclassified",

"name":"Test Incident API",

"details":"This is a test",

"dbotcreated":"2012-10-27T15:41:55Z",

"createInvestigation": True

}

topic Create incident with Script in Cortex XSOAR Discussions

Create incident with Script

Re: Create incident with Script