Scripts in Cortex XSOAR enable you to automate processes. In the context of SLA, you can create scripts that will perform specific actions when the SLA is breached. Each SLA script must include the SLA tag.
Cortex XSOAR comes with an out-of-the-box script, called SendEmailOnSLABreach, that sends an email to specific users when the script is triggered. By default, the script sends an email to the incident assignee, but you can configure additional recipients within the script.
When you create your own scripts, the following arguments are automatically added, in addition to the basic elements provided with every script (for example, current investigation and current incident):
field - the current triggered SLA breach field object (contains: name, cliName, threshold, etc.).
fieldValue - the current triggered SLA field's value, for example the startDate.
The following table lists the different properties in the SLA timer field value:
The date by which the SLA for this timer is due.
Whether the timer was already in breach of the SLA.
INT (in minutes)
The period defined as the SLA for this timer. This is the value that you defined in the Timer field.
The date at which the SLA timer completed.
The last date at which the SLA timer was paused.
The date at which the SLA timer was started.
INT (in seconds)
The total number of seconds that the timer was in a paused state.
INT (in seconds)
The total number of seconds that the timer was running. This property is populated after the timer is stopped.
Represents the Cortex XSOAR SLA status. Values are:
-1 - The SLA is not yet set.
0 - The SLA is within the allotted range.
1 - The SLA is below the defined risk threshold.
2 - The SLA is in breach.
Represents the current status of the timer. Values are: