Create scripts to perform specific actions in Cortex XSOAR when the SLA is breached. Properties in the SLA timer field value.
Scripts in Cortex XSOAR enable you to automate processes. In the context of SLA, you can create scripts that will perform specific actions when the SLA is breached. Each SLA script must include the SLA tag.
You can use an out-of-the-box script and attach it to an incident field.
Send an email when the SLA is overdue
Cortex XSOAR comes with an out-of-the-box script, called SendEmailOnSLABreach, that sends an email to specific users when the script is triggered. You can add this to any incident field as required. For example, add the script to the Remediation SLA incident, so that when an SLA/Timer is breached, an email is sent automatically. By default, the script sends an email to the incident assignee, but you can manually edit the script to add additional recipients..
Stop and start different timers in an incident field
In the following example, you want to stop the Time To Assignment timer when an owner is assigned and start the Remediation SLA timer.
If you have not done so already, download the CaseManagement-Generic content pack. This content pack includes the TimersOnOwnerChange script.
Go to
→ → → →Edit the Owner field.
In the Script to run when field value changes field, add the TimersOnOwnerChange script.
Save the field.
(Optional) Test the field change.
Open an unassigned incident and in the CLI type
!startTimer timeField=timetoassignment
.In the War Room, the field returns the new value from idle to running.
Go to the Incident Info tab and add an owner.
In the War Room, you should see that the Time to Assignment has ended and the Remediation SLA has started: