Add Note Information Using an Automation Script - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Add note information to an incident using an automation script through the Cortex XSOAR REST API. Results are displayed in the General Purpose Dynamic Section.

This example shows how to add note information to an incident using an automation script through the API. For this script to run, you need to install the Cortex REST API content pack and add a Core REST API instance. You add the script to the automation page and then add the script to the incident layout builder using the General Purpose Dynamic Section.

  1. Go the Automation page and add the following script:

      id: ShowLastNoteUserAndDate
      version: -1
    name: ShowLastNoteUserAndDate
    script: |2
      function getLastNote(incidentID) {
          var body = {pageSize:1,categories:['notes']};
          var res = executeCommand('demisto-api-post', {uri:'/investigation/' + incidentID, body: body});
          if (isError(res[0])) {
              throw 'demisto-api-post failed for incidnet #'+incidentID+'\nbody is ' + JSON.stringify(body) + '\n' + JSON.stringify(res);
          if (!res[0].Contents.response.entries) {
              return null;
          var notes = res[0].Contents.response.entries;
          var lastNote = notes[notes.length-1];
          return lastNote;
      lastNote = getLastNote(incidents[0].id);
      if (lastNote) {
          md = `#### Update by ${lastNote.user} on ${lastNote.modified.split('T')[0]}\n`;
          md += `\n---\n`;
          md += lastNote.contents + '\n';
          return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ;
      } else {
          return 'N/A';
    type: javascript
    - dynamic-section
    enabled: true
    scripttarget: 0
    runonce: false
    runas: DBotWeakRole
  2. Select the incident type to add the script, by completing steps 1 to 5 in Add a Script to the Incident Layout.

  3. In the Automation script field, select the automation added in step 1.

  4. Go to the incident that you want to view the note information.

    You can see note information, containing the last user and date.