
Include Linked incidents table in email notification


L1 Bithead

Dear Community members, 

 

Hope you are all doing well!

 

I'm wondering if there is an option to include the linked incidents table (which can be added to the incident layout) in an email template.

I'm using Mail Sender (New): https://xsoar.pan.dev/docs/reference/integrations/mail-sender-new for sending email, and I'm feeding it my custom HTML template.

If this is not possible, how can I access the incident's linked incidents table via scripts, to read and write data to the fields inside the table?

 

Thanks.

 

 


L4 Transporter

Hi @m.hamadieh ,

 

You can use the SearchIncidentV2 script to get info about linked incidents. It accepts different filters to search for incidents. If you define the linked incidents ID inside the playbook, it will retrieve the info only about the incidents linked to that incident. Please see the below screenshot. The script gets specific values by default and you can define more if you need. This task will create an output named foundIncidents which can be used in the HTML template. I hope this answers your question.


gyldz_0-1685960652810.png

 

Dear @gyldz,

Thank you for taking the time to answer my question. I have tested the script SearchIncidentV2 in the war room and it's working as expected.

I'm actually developing this customization as an automation and not a playbook. I'm executing SearchIncidentV2 using demisto.executeCommand but having a hard time getting the output or accessing foundIncidents after executing the command. Could you help with that?

 

Best Regards.

 

L4 Transporter

Hi @m.hamadieh,

You can use the GetIncidentsByQuery command for that purpose. It will enable you to define populated fields. Please see the below script as a reference.

 

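# Runs as an XSOAR automation: demisto, is_error, get_error and return_error
# are provided by the platform (CommonServerPython).
import json

incident = demisto.incident()
linked_incidents = incident.get("linkedIncidents")

# Fields to return for each linked incident
populate_fields = ["id", "name", "type"]

if linked_incidents:
    for linked_incident in linked_incidents:
        # Look up each linked incident by its ID
        res = demisto.executeCommand('GetIncidentsByQuery', {
            'query': f"id:{linked_incident}",
            'populateFields': ','.join(populate_fields)
        })

        if is_error(res):
            return_error(get_error(res))

        # Contents holds the matching incidents as a JSON string
        found_incidents = json.loads(res[0]['Contents'])
        demisto.results(found_incidents)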
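
Added example, not part of the original posts and not Palo Alto code: one way to turn the incident dictionaries returned by the script above into the HTML table the question asks for. The function name and sample data are assumptions made for illustration. Every value is HTML-escaped because incident fields often hold text from outside sources, and the result is embedded in an HTML email.

```python
import html


def _cell(value):
    """Render one field value as escaped text; missing values become empty."""
    return "" if value is None else html.escape(str(value))


def render_linked_incidents_table(incidents, fields=("id", "name", "type")):
    """Return an HTML <table> for a list of incident dicts.

    `incidents` is expected to look like the parsed GetIncidentsByQuery
    output from the script above (a list of dicts keyed by field name).
    """
    header = "".join(f"<th>{_cell(f)}</th>" for f in fields)
    rows = []
    for inc in incidents:
        cells = "".join(f"<td>{_cell(inc.get(f))}</td>" for f in fields)
        rows.append(f"<tr>{cells}</tr>")
    if not rows:
        # Keep the template valid even when nothing is linked
        rows.append(f'<tr><td colspan="{len(fields)}">No linked incidents</td></tr>')
    return (
        '<table border="1" cellpadding="4">'
        f"<thead><tr>{header}</tr></thead>"
        f"<tbody>{''.join(rows)}</tbody></table>"
    )


# Constructed sample data (not real incidents). The names contain markup
# characters, as an incident created from an inbound email subject might.
SAMPLE_LINKED = [
    {"id": "101", "name": "Phishing: <b>Invoice</b> overdue", "type": "Phishing"},
    {"id": "102", "name": 'Login from "new" device & location', "type": "Access"},
    {"id": "103", "name": "Malware alert"},  # 'type' not populated
]

if __name__ == "__main__":
    print(render_linked_incidents_table(SAMPLE_LINKED))
```

In an automation, the list collected from the GetIncidentsByQuery calls would be passed to this function and the returned string placed into the custom HTML template before sending.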




 

L1 Bithead

Dear @gyldz,

Thanks for the code snippet, working perfectly.

Is there any documentation on how to set and get incident fields?

Thanks again, have a nice day!
