Add note information to an incident using a script through the Cortex XSOAR REST API.
This example shows how to add note information to an incident using a script through the API. For this script to run, you need to install the Cortex REST API content pack and add a Core REST API instance. You add the script to the Scripts page and then add the script to the incident layout builder using the General Purpose Dynamic Section.
Go the Scripts page and add the following script:
commonfields: id: ShowLastNoteUserAndDate version: -1 name: ShowLastNoteUserAndDate script: |2 function getLastNote(incidentID) { var body = {pageSize:1,categories:['notes']}; var res = executeCommand('demisto-api-post', {uri:'/investigation/' + incidentID, body: body}); if (isError(res[0])) { throw 'demisto-api-post failed for incidnet #'+incidentID+'\nbody is ' + JSON.stringify(body) + '\n' + JSON.stringify(res); } if (!res[0].Contents.response.entries) { return null; } var notes = res[0].Contents.response.entries; var lastNote = notes[notes.length-1]; return lastNote; } lastNote = getLastNote(incidents[0].id); if (lastNote) { md = `#### Update by ${lastNote.user} on ${lastNote.modified.split('T')[0]}\n`; md += `\n---\n`; md += lastNote.contents + '\n'; return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ; } else { return 'N/A'; } type: javascript tags: - dynamic-section enabled: true scripttarget: 0 runonce: false runas: DBotWeakRole
Select the incident type to add the script, by completing the steps in Add a Script to the Incident Layout.
In the Automation script field, select the script added in step 1.
Go to the incident that you want to view the note information.
You can see note information, containing the last user and date.