This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error: DB Version '##' and Insert version '##' do not match for id: ##### on bucket [] [incidents] (15)

Go to solution
DZerkle
L2 Linker

‎03-04-2021 07:08 PM

I have a trigger script automation that updates the linked incidents of an incident.  The update works, but then it produces the following error and refuses to update the field that triggered the automation.

 

DZerkle_0-1614912375236.png

 

 

The script works fine if I run it from the command line.  It's only when a triggered script runs that there's a problem.

 

Here's a sample that causes a problem.  If I comment this line out, the field updates just fine.

 

demisto.executeCommand("setIncident", {'id':child_case_id, "customFields":"{\"False Positive\":\"True\"}"})

 

 

Anyone know what's going on and to fix this?

0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
DZerkle
L2 Linker
In response to DZerkle

‎03-05-2021 11:28 AM - edited ‎03-22-2021 09:28 AM

It looks like the checkbox is only there for version 6.1.

 

The workaround is to leave out the 'id':child_case_id  in the setIncident command and leave out the "incidentId":child_case_id  in the linkIncidents command.  This will default to using the current incident.

 

It may be that you have to use the ID, as is the case with the linkIncidents command.  In this case, triggered scripts need to use demisto.investigation()['id'] to get the incident ID.  They can't use demisto.incidents()[0]['id'].

View solution in original post

0 Likes Likes
19 REPLIES 19

Go to solution
ABurt
L3 Networker

‎03-05-2021 01:46 AM - edited ‎03-05-2021 02:02 AM

Hello,

 

I assume this a field-change-triggered script? What do you have selected for the ""Run triggered script after incident is modified"?

ABurt_0-1614937584774.png

 

You will not need to specify the "CustomFields" in the setIncident command either. You can use the system name for the field. In your case it would (most likely) be:

 

demisto.executeCommand("setIncident", {"id":child_case_id, "falsepositive":True})

 

 

Regards


Adam

Go to solution
DZerkle
L2 Linker
In response to ABurt

‎03-05-2021 07:40 AM

I don't even have that checkbox.  Where is it?  We're running 6.0.

DZerkle_0-1614958757707.png

 

0 Likes Likes

Go to solution
DZerkle
L2 Linker
In response to DZerkle

‎03-05-2021 11:28 AM - edited ‎03-22-2021 09:28 AM

It looks like the checkbox is only there for version 6.1.

 

The workaround is to leave out the 'id':child_case_id  in the setIncident command and leave out the "incidentId":child_case_id  in the linkIncidents command.  This will default to using the current incident.

 

It may be that you have to use the ID, as is the case with the linkIncidents command.  In this case, triggered scripts need to use demisto.investigation()['id'] to get the incident ID.  They can't use demisto.incidents()[0]['id'].

0 Likes Likes

Go to solution
DZerkle
L2 Linker
In response to DZerkle

‎03-05-2021 04:45 PM - edited ‎03-05-2021 04:54 PM

The solution above turns out to be only partial.  Leaving out the incidentId field for the linkIncidents command causes the command to do nothing.  Putting it back in re-generates the DB version errors.  Running the trigger script from the command line works perfectly.

 

So, I don't have a way to modify linked cases in a triggered script in 6.0.  Anyone know?

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks