06-09-2022 03:38 AM - edited 06-09-2022 04:07 AM
Hi,
There is a playbook task at one of the early steps which asks the analyst whether to start the investigation or not. The command below lets me change the owner to the command executor himself, but I need this execution inside the playbook. When an analyst clicks "Yes" on the previously mentioned task, is it possible to run this command on behalf of the analyst? I don't want to force the analyst to click "assign to me", as it has already been asked in the mentioned question.
"!AssignAnalystToIncident assignBy=current"
06-09-2022 12:55 PM - edited 06-09-2022 12:59 PM
Hi @MKececioglu,
Not sure if this is possible with a conditional task. But it is possible with a data collection task, since it saves the user who filled/completed the form. You can also shorten the playbook task by adding a question based on the owner field.
This might also be possible via a conditional task. But you will need to go via the API to find out which user completed the entry.
The AssignAnalystToIncident command will not work for your use case.
For your reference.
06-10-2022 12:41 AM
@jfernandes1 thanks for the response. I realized that when I set the owner field as a data collection question, it automatically populates the analyst list and, based on the answer, sets it as owner, which is a great way 🙂. But I am still curious about a mandatory "assign to me" selection to deploy.
06-13-2022 06:18 PM
@MKececioglu not sure if this is what you are looking for, but wanted to jump in and mention that it is possible to simply run the AssignToMeButton script in a playbook (not just as a button).
06-15-2022 04:26 AM
Hi @asawyer
This is really a solution, thank you, but I need to fix one more thing: this automation stays in an error state until someone clicks "Run automation now", and this seems like an error to the analyst at first sight. Any idea how I can integrate this into a conditional task or clear the error state before the click?
One more thing: I realized that XSOAR allows us to run commands in the "Completion Note" inside a standard conditional match, and if I can set a fixed command that includes "!AssignAnalystToIncident assignBy=current" this will work too.
06-15-2022 03:55 PM
@MKececioglu correct, the AssignToMeButton script does need to be executed manually, either as a button or in the playbook, so that it knows which user to assign the incident to. You could do something like this to try to structure it so the user understands what they need to do:
Or as @jfernandes1 suggested above, you can also have the user complete a manual task, then use the API to get that user's username, and assign the incident to them. The following API call returns the Work Plan details (replace INCIDENT_ID with the actual ID):
06-15-2022 05:27 PM
Hi @MKececioglu, playbooks and automations can run in the background, so there MUST be user interaction for the "current" part of the command to understand who it needs to assign the ticket to.
As I see it, you have only 2 options.
1. Assign the owner automatically without analyst interaction - You can use the !AssignAnalystToIncident automation with any one of the following parameters - assignBy, onCall or roles.
2. Assign the owner with analyst interaction - Button as @asawyer mentioned, or a data collection task. I would choose data collection over a conditional task since it is easier to implement and better in every way!
06-16-2022 07:36 AM
@jfernandes1 @asawyer thank you very much for your support. "!demisto-api-get uri="/investigation/INCIDENT_ID/workplan"" works great for me; after getting the user information, the "setOwner" automation handles everything. 👏
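The approach the thread ends on (read the Work Plan, take the user who completed the manual task, hand that name to setOwner), as an added example that is not code from any of the posters or from the product. The response field names (`invPlaybook`, `tasks`, `state`, `completedBy`, `task.name`), the `owner` argument name and the sample data are assumptions; the function refuses to pick an owner when the task is missing, ambiguous, unfinished or was not completed by a person.

```python
# Added example. Field names below are assumptions about the workplan
# response body, not values taken from the thread.
from typing import Optional

# Constructed sample of a workplan response body (not real output).
SAMPLE_WORKPLAN = {
    "invPlaybook": {
        "tasks": {
            "0": {"id": "0", "state": "Completed", "completedBy": "",
                  "task": {"name": "Start"}},
            "1": {"id": "1", "state": "Completed", "completedBy": "analyst1",
                  "task": {"name": "Start investigation?"}},
            "2": {"id": "2", "state": "Waiting", "completedBy": "",
                  "task": {"name": "Collect evidence"}},
        }
    }
}

# Assumed markers for a task that finished without a human completing it.
NON_HUMAN = {"", "dbot"}


def task_completer(workplan: dict, task_name: str) -> Optional[str]:
    """Return the user who completed the named task, or None if the task is
    missing, ambiguous, not completed yet, or not completed by a person."""
    tasks = (workplan.get("invPlaybook") or {}).get("tasks") or {}
    matches = [t for t in tasks.values()
               if (t.get("task") or {}).get("name") == task_name]
    if len(matches) != 1:
        # Absent or duplicated task name: do not guess an owner.
        return None
    task = matches[0]
    if task.get("state") != "Completed":
        return None
    user = (task.get("completedBy") or "").strip()
    return None if user.lower() in NON_HUMAN else user


def owner_args(workplan: dict, task_name: str) -> Optional[dict]:
    """Build the arguments for the owner-assignment step (argument name
    'owner' is an assumption), or None when assignment must be skipped."""
    user = task_completer(workplan, task_name)
    return {"owner": user} if user else None
```

Returning None instead of a fallback user keeps the incident's owner field tied to a recorded human action, which matters when ownership is later used as audit evidence.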