Create scripts that perform specific actions in Cortex XSOAR when the SLA is breached. Properties in the SLA timer field value.
When you create your scripts, the following arguments are automatically added, in addition to the basic elements provided with every script (for example, current investigation and current incident):
field: The current triggered SLA breach field object (contains: name,cliName,thresholdand more.).fieldValue: The current triggered SLA field's value. For example thestartDate.The following table lists the different properties in the SLA timer field value:
Property
Type
Description
dueDateDate
The date by which the SLA for this timer is due.
breachTriggeredBoolean
Whether the timer was already in breach of the SLA.
slaINT (in minutes)
The period is defined as the SLA for this timer. This is the value that you defined in the Timer field.
endDateDate
The date at which the SLA timer is completed.
lastPauseDateDate
The last date at which the SLA timer was paused.
startDateDate
The date at which the SLA timer was started.
accumulatedPauseINT (in seconds)
The total number of seconds that the timer was in a paused state.
totalDurationINT (in seconds)
The total number of seconds that the timer was running. This property is populated after the timer is stopped.
slaStatusINT
Represents the Cortex XSOAR SLA status. Values are:
-1: The SLA has not been set.0: The SLA is within the allotted range.1: The SLA is below the defined risk threshold.2: The SLA is in breach.
runStatusString
Represents the current status of the timer. Values are:
idlerunningpausedended
See the following video for a practical example of creating an SLA script and how to use it in a playbook.