Follow a use case that uses a playbook to manage alerts in a Jira ticketing system.
In this use case, a Jira ticketing system is used to manage alerts and reduce duplicate tickets.
Issue: When an action is taken on an endpoint, some incidents contain multiple alerts for the same endpoint. If each alert runs a playbook on the same endpoint, duplicate tickets are created for each incident.
Solution: This playbook checks existing endpoints and incident IDs and decides whether to create a new ticket or to add the data to an existing ticket, which reduces duplicate tickets in the incident.
The playbook flow is described in the following steps:
After checking that the Jira v3 integration is enabled, in this task the playbook adds the EndpointFromAlerts key to the incident context by retrieving the alert.hostname and using the setParentIncidentContext script.

In this task, the playbook checks if there is an open ticket for the incident by retrieving the parentIncidentContext.TicketID.

If there is no open ticket, a new ticket is created in Jira and the TicketID is added to the incident context.

If there is an open ticket, this task checks whether there is an open ticket for the endpoint by comparing the alert.hostname (alert endpoint) to the parentIncidentContext.EndpointFromAlerts key.

After retrieving the alert.hostname in the parentIncidentContext.EndpointFromAlerts context, if there is no open ticket for the endpoint, the playbook updates the Jira ticket for the incident.

In this example, you can see that the EndpointFromAlerts and TicketID have been added to the incident context data.
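The decision flow in the steps above, modeled as an added example in plain Python (not the playbook's own code or a Cortex or Jira API). FakeJira, handle_alert, run_incident and the sample alerts are hypothetical. The example assumes that each hostname is compared with the endpoints recorded by earlier alerts, and that an alert for an endpoint already on the ticket triggers no Jira action.

```python
class FakeJira:
    """In-memory stand-in for the ticketing system (constructed for this example)."""

    def __init__(self):
        self.tickets = {}

    def create(self, summary):
        ticket_id = f"TICKET-{len(self.tickets) + 1}"
        self.tickets[ticket_id] = [summary]
        return ticket_id

    def update(self, ticket_id, note):
        self.tickets[ticket_id].append(note)


def handle_alert(alert, parent_ctx, jira):
    """Run the flow for one alert; returns 'created', 'updated' or 'skipped'."""
    host = alert["hostname"]
    # Assumption: EndpointFromAlerts holds the endpoints seen on earlier alerts.
    seen = parent_ctx.setdefault("EndpointFromAlerts", [])
    ticket_id = parent_ctx.get("TicketID")
    if ticket_id is None:
        # No open ticket for the incident: create one and store its ID.
        parent_ctx["TicketID"] = jira.create(f"Incident alert on {host}")
        seen.append(host)
        return "created"
    if host not in seen:
        # Ticket exists but not for this endpoint: add the data to it.
        jira.update(ticket_id, f"Additional endpoint: {host}")
        seen.append(host)
        return "updated"
    # Assumption: same endpoint, same incident, so nothing is sent to Jira.
    return "skipped"


def run_incident(alerts):
    """Process all alerts of one incident against a shared parent context."""
    jira, parent_ctx = FakeJira(), {}
    actions = [handle_alert(a, parent_ctx, jira) for a in alerts]
    return actions, parent_ctx, jira.tickets


# Constructed sample: three alerts in one incident, two on the same endpoint.
SAMPLE_ALERTS = [{"hostname": "ws-01"}, {"hostname": "ws-01"}, {"hostname": "srv-02"}]

if __name__ == "__main__":
    print(run_incident(SAMPLE_ALERTS))
```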