- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-23-2023 12:22 AM
Hi @oDarweesh2,
Running the AssignAnalystToIncident
command with the roles parameter will assign the ticket to all the users that belong to that specific role. Run the command with the username parameter only.
If you're using a conditional task approach
Playbook steps I assume you currently have (Steps 1-3)
1. Assign the incident to the analyst
2. Analyst chooses the radio button option and clicks "Mark Completed". (Cannot be in quiet mode for custom automation solution)
3. Playbook step to set the Incident Categorisations
4. Custom automation that uses XSOAR REST API to URI /investigation/<Incident ID
> (Check screenshot for more information) . In returned results find "Task Done" warroom entry for the conditional check in Step 2. Grab username who completed the task.
5. Assign the incident owner to the above username
Recommended Approach.
As you can see the above approach is complicate and requires a custom automation. I would recommend the below approach.
Configure a Data Collection task to be a "Ask by Task". This is done by de-selecting all the options in "Select communication channels".
Then create a field linked question.
When the task is called it should look like the below during the playbook run.
When the analyst selects an answer, the field is updated directly and the user who submitted the answer is also captured in the context.