Storing Incident Notes in Context Data


L3 Networker

Hello all,

I am working on a use case in which I need to store text-based comments (including MD) to context data for report generation. I have tried to create a script for this, yet I have not succeeded. Is there a way to access the comment section in order to pull comments dynamically?

Cortex XSOAR 

PCSAE

Accepted Solutions

L3 Networker

@michaelsysec242

 

To get a specific comment from your incident you can use the built-in automation commentsToContext which takes as arguments the entryId of the comment and contextKey, which defines where to store the result in context. This works for individual comments, but not for all the comments in your investigation.

To pull all the comments from your investigation, you can use in your automation the built-in command getEntries to get all the entries in your war-room in combination with a category filter for chat entries (see the documentation here.)

res = execute_command("getEntries", {"filter": {"categories": ["chats"]}})

 


Once you have all your chat entries (comments), you can save them to context and/or output them as a table.
Find below a simple script to get all the comments and save them to your context data.
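
An added example, not the script from the original post: one way to turn the getEntries result into a list stored under a single context key. The key name IncidentComments, the entry fields read (ID, Contents, Metadata.user, Metadata.created) and the check for an injected `demisto` global are assumptions; the sample entries are constructed.

```python
# Added example: gather War Room chat entries (comments) under one context key.
# Entry field names and the context key are assumptions; verify on your tenant.
CONTEXT_KEY = "IncidentComments"  # hypothetical key name


def comments_from_entries(entries):
    """Reduce raw getEntries results to small dicts suitable for a report."""
    if isinstance(entries, dict):      # a single entry can come back unwrapped
        entries = [entries]
    comments = []
    for entry in entries or []:
        text = entry.get("Contents")
        if not isinstance(text, str) or not text.strip():
            continue                   # skip empty or non-text entries
        meta = entry.get("Metadata") or {}
        comments.append({
            "EntryID": entry.get("ID"),
            "User": meta.get("user"),
            "Created": meta.get("created"),
            "Text": text,              # kept verbatim so Markdown survives
        })
    # Oldest first, so the report reads in the order the notes were written.
    return sorted(comments, key=lambda c: c["Created"] or "")


def main():
    # Same filter as in the answer; demisto.executeCommand returns full entries.
    entries = demisto.executeCommand("getEntries", {"filter": {"categories": ["chats"]}})
    comments = comments_from_entries(entries)
    return_results(CommandResults(
        outputs_prefix=CONTEXT_KEY,
        outputs=comments,
        readable_output=tableToMarkdown("Incident comments", comments),
    ))


# Constructed sample: two chat entries and one non-text entry.
SAMPLE_ENTRIES = [
    {"ID": "7@42", "Contents": "**Contained** host at 10:05",
     "Metadata": {"user": "analyst2", "created": "2024-01-02T10:06:00Z"}},
    {"ID": "3@42", "Contents": "Phish reported by user",
     "Metadata": {"user": "analyst1", "created": "2024-01-02T09:00:00Z"}},
    {"ID": "9@42", "Contents": {"raw": 1}, "Metadata": {}},
]

if "demisto" in globals():     # assumed to be injected by the XSOAR script runtime
    main()
else:                          # offline: run on the constructed sample
    print(comments_from_entries(SAMPLE_ENTRIES))
```

Inside XSOAR the comments land under the IncidentComments key as a list of objects, which a report or a later playbook task can read by that key.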

 

L3 Networker

@AbelSantamarina,

Thanks, this works very well.

Cheers!
