You can enhance your incident investigation by adding an incident field that shows data in table format.
This example automation creates a field called gridfield that has a type Grid (table) with two columns named Column1 and Column2. Before saving it, delete the one empty row.
Choose an incident layout and in the Incident Layout Builder, add a section for displaying the new gridfield field.
Add the gridfield incident field to the layout.
Use the basic automation template to create the following code.
With the field and layout created, create an automation to update the rows of a grid field with a dictionary of rows and columns converted to JSON.
Note
The column names in the dictionary are referred to by their machine names, which in this example is lower case column1 versus Column1 as displayed in the field and layout. If the column names and order in the dictionary do not match the machine names and order of the columns in the grid field, the update is ignored.
The new grid dictionary,
gridDict, is assigned in a dictionary with the name of the field,gridfield, as the key and converted to a JSON string by thejson.dumps()Python function.The grid rows are updated by the
demisto.executeCommand()function, settingcustomFieldsto the field values in thegridRowsdictionary.def main(): try: gridDict = { "column1": "This is column 1", "column2": "This is column 2" } gridRows = json.dumps({ "gridfield": gridDict }) results = demisto.executeCommand("setIncident", { 'customFields': gridRows }) return_results(results) except Exception as ex: demisto.error(traceback.format_exc()) return_error("Failed updating grid field: " + str(ex) ) if __name__ in ("__main__", "__builtin__", "builtins"): main()