Add Note Information Using an Automation Script - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-02-22
Category
Administrator Guide
Abstract

Add note information to an incident using a script through the Cortex XSOAR REST API.

This example shows how to add note information to an incident using a script through the API. For this script to run, you need to install the Cortex REST API content pack and add a Core REST API instance. You add the script to the Scripts page and then add the script to the incident layout builder using the General Purpose Dynamic Section.

  1. Go the Scripts page and add the following script:

    commonfields:
      id: ShowLastNoteUserAndDate
      version: -1
    name: ShowLastNoteUserAndDate
    script: |2
    
      function getLastNote(incidentID) {
          var body = {pageSize:1,categories:['notes']};
          var res = executeCommand('demisto-api-post', {uri:'/investigation/' + incidentID, body: body});
          if (isError(res[0])) {
              throw 'demisto-api-post failed for incidnet #'+incidentID+'\nbody is ' + JSON.stringify(body) + '\n' + JSON.stringify(res);
          }
          if (!res[0].Contents.response.entries) {
              return null;
          }
          var notes = res[0].Contents.response.entries;
          var lastNote = notes[notes.length-1];
          return lastNote;
      }
    
      lastNote = getLastNote(incidents[0].id);
    
      if (lastNote) {
          md = `#### Update by ${lastNote.user} on ${lastNote.modified.split('T')[0]}\n`;
          md += `\n---\n`;
          md += lastNote.contents + '\n';
    
          return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ;
      } else {
          return 'N/A';
      }
    type: javascript
    tags:
    - dynamic-section
    enabled: true
    scripttarget: 0
    runonce: false
    runas: DBotWeakRole
    
  2. Select the incident type to add the script, by completing the steps in Add a Script to the Incident Layout.

  3. In the Automation script field, select the script added in step 1.

    incident-dynamic.png
  4. Go to the incident that you want to view the note information.

    You can see note information, containing the last user and date.

    incident-note.png