05-16-2022 10:39 AM
Hi,
I want to set sla times per severity type but it seems xsoar bind sla's to incident type, so i think i need to start each sla per severity in playbook by testing severity it is nearly clear for me. But i am confused what type of SLA should i create , xsoar gives you flexibility to create custom sla duration lets say; response time, detect time, resolve time, investigation start time, cust_wait etc. Is there any best practice guide to create sla types ?
05-19-2022 03:38 AM
Hi @MKececioglu
Not sure if you can do it for a table output. But below is how you get it for chart.
05-16-2022 02:55 PM
You can use SLAs on Incident Types, or Start/Stop Timers in different places on the playbook.
Check out the video 10 for SLAs & Timers in this series, it may be helpful:
05-18-2022 06:37 AM
@MBeauchamp2 thanks for response, now i am able to crate timers for each severity. But i have 56 severity level with 2 different timer in it so now i have added my playbook some conditional task and managed to start related timer. The issue is that when it comes to report creation i need to sum all 5 sla timer duration and calculate an avarege time but as these are custom sla's i cannot find a proper way to do it.
05-18-2022 07:37 PM
@MKececioglu Why 56? Are you creating multiple SLA Fields due to the SLA values per severity? If so, you can set the SLA for field by issuing the below command. The command can be called after the severity is set.
!setIncident slaField=<SLA_Filed_CLI_NAME> sla=<Numeric Value in minutes>
Once an incident is closed you can use the `incident.openDuration` field to check the duration of the incident. You can also have an additional timer\sla that calculates the overall time. You cannot add the `sla.totalDuration` field in a report.
05-19-2022 12:16 AM
Hi @jfernandes1 ,
56 was a typo sorry, it is 5 severtiy indeed and for each severtiy i have 2 sla those are response time and resolution time. I have created 10 timer/ala based on this architecture and i am able to start these timers in playbook after test the sla condition in a conditional task. At the first response of an analyst playbook stops the response timer and after incident close by Default all timers stopped ( in this scenario resolution timer) all is Ok. But when it comes to a report to calculate these timer values for all incident in a time period i am confused about how to detect mean times based on these custom timers.
05-19-2022 03:38 AM
Hi @MKececioglu
Not sure if you can do it for a table output. But below is how you get it for chart.
06-06-2022 05:32 AM - edited 06-06-2022 05:32 AM
Hi,
setincident automation changes sla for a specific timer and everything is clear now.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
