Hi @oDarweesh2,


Running the AssignAnalystToIncident command with the roles parameter will assign the ticket to all the users that belong to that specific role. Run the command with the username parameter only.


If you're using a conditional task approach

Playbook steps I assume you currently have (Steps 1-3)

1. Assign the incident to the analyst

2. Analyst chooses the radio button option and clicks "Mark Completed". (Cannot be in quiet mode for custom automation solution)

3. Playbook step to set the Incident Categorisations

4. Custom automation that uses the XSOAR REST API to URI /investigation/<Incident ID> (check the screenshot for more information). In the returned results, find the "Task Done" war room entry for the conditional check in Step 2. Grab the username of the user who completed the task.

Screen Shot 2023-01-23 at 7.19.59 pm.png

5. Assign the incident owner to the above username


Recommended Approach.

As you can see, the above approach is complicated and requires a custom automation. I would recommend the below approach.

Configure a Data Collection task to be an "Ask by Task". This is done by de-selecting all the options in "Select communication channels".

Screen Shot 2023-01-23 at 7.08.46 pm.png

Then create a field linked question.

Screen Shot 2023-01-23 at 7.11.09 pm.png

When the task is called it should look like the below during the playbook run. 

Screen Shot 2023-01-23 at 7.13.04 pm.png

When the analyst selects an answer, the field is updated directly and the user who submitted the answer is also captured in the context.

Screen Shot 2023-01-23 at 7.16.19 pm.png
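
The lookup in Step 4 of the conditional-task approach, as an added example that is not part of the original post: it picks the user from the newest "Task Done" war room entry for a given task. The response field names (`entries`, `taskId`, `user`, `created`, `contents`), the sample data and the function name `find_task_completer` are assumptions; the post's screenshot of the real output is not available here.

```python
from typing import Optional

# Constructed sample of the JSON returned for /investigation/<Incident ID>.
# The field names used here ("entries", "taskId", "user", "created",
# "contents") are assumptions; compare them with your own API output.
SAMPLE_RESPONSE = {
    "entries": [
        {"taskId": "3", "user": "", "created": "2023-01-23T08:00:00Z",
         "contents": "Task Started: Choose categorisation"},
        {"taskId": "3", "user": "jsmith", "created": "2023-01-23T08:05:00Z",
         "contents": "Task Done: Choose categorisation"},
        {"taskId": "3", "user": "adoe", "created": "2023-01-23T09:10:00Z",
         "contents": "Task Done: Choose categorisation"},  # task reopened, redone
        {"taskId": "5", "user": "", "created": "2023-01-23T09:11:00Z",
         "contents": "Task Done: Set categorisation"},  # automated step, no user
    ]
}


def find_task_completer(response: dict, task_id: str,
                        marker: str = "Task Done") -> Optional[str]:
    """Return the user on the newest 'Task Done' entry for task_id, else None."""
    candidates = []
    for entry in response.get("entries") or []:
        # Only look at entries that belong to the conditional task from Step 2.
        if str(entry.get("taskId", "")) != str(task_id):
            continue
        contents = entry.get("contents")
        if not isinstance(contents, str) or marker not in contents:
            continue
        user = (entry.get("user") or "").strip()
        if user:  # skip entries that record no user
            candidates.append((entry.get("created") or "", user))
    # ISO-8601 UTC timestamps in one format sort correctly as strings.
    return max(candidates)[1] if candidates else None


if __name__ == "__main__":
    print(find_task_completer(SAMPLE_RESPONSE, "3"))
```

Returning `None` when no user-attributed entry exists lets the playbook leave the owner unchanged instead of assigning an empty username in Step 5.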