- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-04-2023 05:43 AM
Dear Community members,
hope you are all doing well !
I'm wondering if there is an option to include linked incident table (can be added to the incident layout) in email template.
I'm using Mail sender (New) : https://xsoar.pan.dev/docs/reference/integrations/mail-sender-new for sending email and I'm feeding it my custom html template.
if this is not possible, how can I access the incident linked incident table via scripts, to read and write data to the fields inside the table.
Thanks.
06-05-2023 03:27 AM
Hi @m.hamadieh ,
You can use SearchIncidentV2 script to get info about linked Incidents. It accepts different filters to search for incidents. If you define linked incidents ID inside the playbook it will retrieve the info only about the incidents linked to that incident. Please see the below screenshot. The script gets specific values by default and you can define more if you need. This task will create an output named foundIncidents which can be used in HTML template. I hope this answers your question.
06-05-2023 08:04 AM
HI @m.hamadieh ,
You can use GetIncidentsByQuery command for that purpose. It will enable you to define populated fields. Please see the below script as a reference.
incident = demisto.incident()
incident_id = incident.get("id")
linked_incidents = incident.get("linkedIncidents")
if linked_incidents:
for linked_incident in linked_incidents:
query=f"id:{linked_incident}"
populate_fields = ["id", "name","type"]
res = demisto.executeCommand('GetIncidentsByQuery', {
'query': query,
'populateFields': ' , '.join(populate_fields)
})
if is_error(res):
return_error(res)
incident = json.loads(res[0]['Contents'])
demisto.results(incident)
06-05-2023 03:27 AM
Hi @m.hamadieh ,
You can use SearchIncidentV2 script to get info about linked Incidents. It accepts different filters to search for incidents. If you define linked incidents ID inside the playbook it will retrieve the info only about the incidents linked to that incident. Please see the below screenshot. The script gets specific values by default and you can define more if you need. This task will create an output named foundIncidents which can be used in HTML template. I hope this answers your question.
06-05-2023 06:11 AM
dear @gyldz ,
thank you for taking the time to answer my question , I have tested the script SearchIncidentV2 in the war room and its working as expected.
I'm actually devolving this customization as an automation and not a playbook , I'm executing SearchIncidentV2 using demisto.executeCommand but having hard time getting the output or accessing foundIncidents after executing the command ,could you help with that.
Best Regards.
06-05-2023 08:04 AM
HI @m.hamadieh ,
You can use GetIncidentsByQuery command for that purpose. It will enable you to define populated fields. Please see the below script as a reference.
incident = demisto.incident()
incident_id = incident.get("id")
linked_incidents = incident.get("linkedIncidents")
if linked_incidents:
for linked_incident in linked_incidents:
query=f"id:{linked_incident}"
populate_fields = ["id", "name","type"]
res = demisto.executeCommand('GetIncidentsByQuery', {
'query': query,
'populateFields': ' , '.join(populate_fields)
})
if is_error(res):
return_error(res)
incident = json.loads(res[0]['Contents'])
demisto.results(incident)
06-06-2023 05:48 AM
Dear @gyldz ,
thanks for the code snippet , working perfectly.
is there any documentation on how to set and get incidents fields.
Thanks again , have a nice day !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!