Follow a use case that uses a playbook to manage alerts in a Jira ticketing system.
In this use case, a Jira ticketing system is used to manage alerts and reduce duplicate tickets.
Issue: When an action is taken on an endpoint, some incidents contain multiple alerts for the same endpoint. If each alert runs a playbook on the same endpoint, duplicate tickets are created for each incident.
Solution: This playbook checks existing endpoints and incident IDs and decides whether to create a new ticket or to add the data to an existing ticket, which reduces duplicate tickets in the incident.
The playbook flow is described in the following steps:
1. After checking that the Jira v3 integration is enabled, in this task the playbook adds the EndpointFromAlerts key to the incident context by retrieving the alert.hostname and using the setParentIncidentContext script.
2. In this task, the playbook checks if there is an open ticket for the incident by retrieving the parentIncidentContext.TicketID.
3. If there is no open ticket, a new ticket is created in Jira and the TicketID is added to the incident context.
4. If there is an open ticket, this task checks whether there is an open ticket for the endpoint by comparing the alert.hostname (alert endpoint) to the parentIncidentContext.EndpointFromAlerts key.
5. After retrieving the alert.hostname in the parentIncidentContext.EndpointFromAlerts context, if there is no open ticket for the endpoint, the playbook updates the Jira ticket for the incident.

In this example, you can see that the EndpointFromAlerts and TicketID have been added to the incident context data.
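
The decision flow in the steps above, modeled as an added Python example (not the playbook's own code). The FakeJira class, the handle_alert function, the lower-casing of hostnames, and the "skip" result for an endpoint that is already recorded are assumptions made for illustration; only the EndpointFromAlerts and TicketID keys come from the page.

```python
class FakeJira:
    """In-memory stand-in for the Jira v3 integration (hypothetical)."""

    def __init__(self):
        self.tickets = {}

    def create(self, summary):
        ticket_id = f"TEST-{len(self.tickets) + 1}"
        self.tickets[ticket_id] = [summary]
        return ticket_id

    def comment(self, ticket_id, text):
        self.tickets[ticket_id].append(text)


def handle_alert(alert, parent_ctx, jira):
    """Return 'create', 'update' or 'skip' for one alert of an incident."""
    # Assumption: hostnames are compared case-insensitively.
    host = alert["hostname"].strip().lower()
    seen = parent_ctx.setdefault("EndpointFromAlerts", [])
    ticket_id = parent_ctx.get("TicketID")
    if ticket_id is None:
        # No open ticket for the incident: create one and record its ID.
        parent_ctx["TicketID"] = jira.create(f"Incident {parent_ctx['IncidentID']}: {host}")
        seen.append(host)
        return "create"
    if host not in seen:
        # Ticket exists, endpoint is new: add the data to the same ticket.
        jira.comment(ticket_id, f"Additional endpoint: {host}")
        seen.append(host)
        return "update"
    # Assumption: an endpoint already recorded needs no further ticket action.
    return "skip"


def run_demo():
    # Constructed sample: three alerts in one incident, two on the same endpoint.
    alerts = [{"hostname": "WS-014"}, {"hostname": "ws-014"}, {"hostname": "srv-db-02"}]
    ctx = {"IncidentID": 101}
    jira = FakeJira()
    actions = [handle_alert(a, ctx, jira) for a in alerts]
    return actions, ctx, jira


if __name__ == "__main__":
    actions, ctx, jira = run_demo()
    print(actions, ctx, jira.tickets)
```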