Use a playbook, script, or command to update incident fields.
Sometimes you need to update incident fields based on a change in an alert. For example, after starting an investigation an analyst might want to change the name of an incident, star an incident, or change the status of an incident.
You can update the following incident fields through a playbook, script, or command:
manual_severitystarredassigned_user_emailstatusscoreincident_namedescription
The following sections explain how to update incident fields by running a command in the CLI, and running a script, and running a playbook.
When running a playbook, by default the data is added to the alert context data and alert fields. You can additionally add this data to incident context data and incident fields by configuring tasks in a playbook.
The following example explains how to add tasks to a playbook that update the incident fields to star an incident, and add the key starred: true to the incident context data.
Add the following tasks to a new or existing playbook.
Create a Conditional task to check whether the parent incident fields are starred using the
${parentIncidentFields.starred}key.Create a standard task using the
setParentIncidentFieldsscript to update the starred field.Create a standard task to print the value to the War Room.
Run the playbook.
In the incident context data, you can see the key
starred: true. If running in an alert or an incident, after refreshing the incident, the incident is now starred.