Assign owner to "current user" in playbook tasks

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Assign owner to "current user" in playbook tasks

L2 Linker

Hi,

 

There is a playbook task at one of the early steps which asks analyst to start investigation or not. The below command let me change owner to command executer himself but i need this execution inside the playbook. When an analyst click "Yes" to previous mentioned task is it possible to run this command on behalf of analyst. I dont want to force analyst to click "assign to me" as it has already been asked in mentioned question.  

 

"!AssignAnalystToIncident assignBy=current"

1 accepted solution

Accepted Solutions

@MKececioglu correct, the AssignToMeButton script does need to be executed manually, either as a button or in the playbook, so that it knows which user to assign the incident to. You could do something like this to try to structure it so the user understands what they need to do:

 

Screen Shot 2022-06-15 at 1.47.36 PM.png

 

Or as @jfernandes1 suggested above, you can also have the user complete a manual task, then use the API to get that user's username, and assign the incident to them. The following API call returns the Work Plan details (replace INCIDENT_ID with the actual ID):

!demisto-api-get uri="/investigation/INCIDENT_ID/workplan"
 
Then you can parse the response to find the user who completed the manual task. This key of the response contains the list of Work Plan tasks: response.invPlaybook.tasks
Then you can parse through those (you can use a tag to uniquely identify a particular task if needed), and find the user who completed the task in the completedBy key.
 
Screen Shot 2022-06-15 at 4.54.56 PM.png

View solution in original post

7 REPLIES 7

L4 Transporter

Hi @MKececioglu,

 

Not sure if this is possible with a conditional task. But it possible with a data collection task. Since it saves the user who fill\completed the form. You can also shorten the playbook task by adding a question based on the owner field. 

 

This might also be possible via a conditional task. But you will need to go via the API to find out which user competed the entry. 

 

The AssignAnalystToIncident command will not work for your use case.

 

For your reference.

Screen Shot 2022-06-10 at 5.56.26 am.png

 

 

L2 Linker

@jfernandes1 thanks for response i realize that when i set owner field as a data collention question , it automatically populate analyst list and based on the answer, set it as owner which is a great way 🙂 . But still curious about a mandatory "assing to me" selection to deploy. 

@MKececioglu not sure if this is what you are looking for, but wanted to jump in and mention that it is possible to simply run the AssignToMeButton script in a playbook (not just as a button).

Hi @asawyer 

 

This is really o solution thank you, but i need fix one more thing that this automation keeps error state until someone click "Run automation now" and this seems liken en error to analyst at first sight,  any idea about how can i integrate this into a conditional task or clear the error state befor click.

MKececioglu_0-1655292067493.png

 

one more thing i realized that xsoar allows us to run commands in "Completion Note" inside a standart conditional match and if i can set a fixed command that includes "!AssignAnalystToIncident assignBy=current"  this will work too.

 

MKececioglu_1-1655292383805.png

 

 

 

@MKececioglu correct, the AssignToMeButton script does need to be executed manually, either as a button or in the playbook, so that it knows which user to assign the incident to. You could do something like this to try to structure it so the user understands what they need to do:

 

Screen Shot 2022-06-15 at 1.47.36 PM.png

 

Or as @jfernandes1 suggested above, you can also have the user complete a manual task, then use the API to get that user's username, and assign the incident to them. The following API call returns the Work Plan details (replace INCIDENT_ID with the actual ID):

!demisto-api-get uri="/investigation/INCIDENT_ID/workplan"
 
Then you can parse the response to find the user who completed the manual task. This key of the response contains the list of Work Plan tasks: response.invPlaybook.tasks
Then you can parse through those (you can use a tag to uniquely identify a particular task if needed), and find the user who completed the task in the completedBy key.
 
Screen Shot 2022-06-15 at 4.54.56 PM.png

L4 Transporter

Hi @MKececioglu, playbooks and automation can run in the background so there MUST be user interaction for the "current" part of command to understand who it needs to assign the ticket to. 

 

As I see it, you have only 2 options. 

1. Assign the owner automatically without analyst interaction - You can use the !AssignAnalystToIncident automation with any one of following parameters - assignBy, onCall or roles.

 

2. Assign the owner with analyst interaction - Button as @asawyer mentioned or Datacollection task. I would choose data collection over a conditional task since it easier to implement and better in every way!

L2 Linker

@jfernandes1  @asawyer thank you very much for your support, "!demisto-api-get uri="/investigation/INCIDENT_ID/workplan" works great for me after getting the user information "setOwner" automation handles everything. 👏

 

 

  • 1 accepted solution
  • 3623 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!