Creating usecase with addEntitlement

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Creating usecase with addEntitlement

L0 Member

Hello everyone, I'm try to make a usecase where it will be possible to send email to the XSOAR and instead of creating new incident the email content will be delivered to already open incident based on Incident id or UID with addEntitlement.

after creating an entitlement  I send email to the XSOAR (I got ews V2 setup and working) with the entitlement\incident ID in the subject but it creates new incident and not add it's content to the open one.

any one as a guide\know how to make addEntitlement work? thanks!

2 REPLIES 2

L1 Bithead

Best suggestion I can make is to use preprocess rule: https://xsoar.pan.dev/docs/incidents/incident-pre-processing
That way, your incoming incident via email is being linked or updating the previously opened incident based on Incident ID or UID. 
However, adding content to the new one would probably require a custom script that could be pretty complex in this scenario.

L3 Networker

@A.Levy, alternatively, to use entitlements in email communication, you can copy the functionality implemented in some of our out-of-the-box automation scripts, such as EmailAskUser (CommonScripts pack) or SendEmailToManager (Active Directory Query pack). 
The idea is to create an entitlement in your code by calling the system function addEntitlement and then adding the entitlement string to the email subject line. When the recipient receives the email and replies to it, the answer will be routed to the incident where the entitlement was created.

 

I'm sharing here a simple script with this functionality.

To call the script, please see an example below:
!EmailThread allowReply=true body="This is a test email" email=user@example.com persistent=true subject="Testing Email Threads"

Let me know if you have any questions. 

  • 276 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!