As part of the incident investigation process, you may need to assign incoming data to an incident field.
This example automation sets the incident details field to a message argument passed into the script.
Create an automation and use the Settings button to add a mandatory argument named message.
Use the basic automation template to create the following code.
The demisto.args() function accesses the argument passed to the automation. Arguments are passed as a dictionary and can be accessed by the argument name as a dictionary key.
The demisto.executeCommand() function with the setIncident command sets the value of an incident field. The command parameters are passed as a dictionary with the details incident field name as the key and the message value as the value.

    import traceback
    import demistomock as demisto
    from CommonServerPython import *

    def main():
        try:
            # Read the mandatory 'message' argument passed to the automation.
            mesgValue = demisto.args()['message']
            # Write the value to the incident's 'details' field.
            demisto.executeCommand("setIncident", {'details': mesgValue})
        except Exception as ex:
            # Log the traceback to the server log and show the error in the War Room.
            demisto.error(traceback.format_exc())
            return_error("Failed to execute setIncident: " + str(ex))

    if __name__ in ("__main__", "__builtin__", "builtins"):
        main()

If any exceptions occur, the demisto.error() function logs the exception traceback to the Cortex XSOAR server log and the return_error() function displays the error in the War Room.
Save the completed automation and run it in the playground to test it. View the context and verify the incident.details value.
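
The following is an added example, not part of the original page or of Cortex XSOAR's own code. It extends the automation above by validating the message argument before it reaches the incident and by inspecting the entries returned by setIncident, since demisto.executeCommand() can report a failure as an error entry (entry type 4) instead of raising. The names set_incident_details and FakeServer are hypothetical, and FakeServer is a constructed stand-in so the block runs outside XSOAR.

```python
ERROR_ENTRY_TYPE = 4  # value of entryTypes['error'] in CommonServerPython


def set_incident_details(args, execute_command):
    """Validate 'message', write it to the 'details' field, and check the result.

    In a real automation, call it as:
        set_incident_details(demisto.args(), demisto.executeCommand)
    """
    message = args.get('message')
    # Incoming data is untrusted: reject a missing, non-string or blank value
    # instead of overwriting the incident field with it.
    if not isinstance(message, str) or not message.strip():
        raise ValueError("the mandatory 'message' argument is missing or empty")

    result = execute_command("setIncident", {'details': message})

    # executeCommand returns a list of entry dicts. A failed command can come
    # back as an error entry, so the except block alone would not catch it.
    entries = result if isinstance(result, list) else [result]
    errors = [str(entry.get('Contents')) for entry in entries
              if isinstance(entry, dict) and entry.get('Type') == ERROR_ENTRY_TYPE]
    if errors:
        raise RuntimeError("setIncident failed: " + "; ".join(errors))
    return message


class FakeServer:
    """Constructed stand-in for the XSOAR server (assumption, for offline runs)."""

    def __init__(self, fail=False):
        self.fail = fail
        self.incident = {}

    def execute_command(self, command, params):
        if self.fail:
            return [{'Type': ERROR_ENTRY_TYPE, 'Contents': 'constructed failure'}]
        self.incident.update(params)
        return [{'Type': 1, 'Contents': 'done'}]


if __name__ == "__main__":
    server = FakeServer()
    set_incident_details({'message': 'constructed sample message'}, server.execute_command)
    print(server.incident)
```

Inside main(), keep the existing try/except so that either exception is logged with demisto.error() and shown in the War Room with return_error().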