Add or configure a playbook to run SLA timers.
To run a timer, it must be run in a playbook task, a script, or manually in the CLI.
You can set a Timer/SLA field to start running by doing the following:
In a Timer/SLA field such as the
Time To Assignmentfield, you can control all incidents that use the field regardless of the playbook configured for them by configuring a script to run when the Owner field changes.. This method automatically stops the timer when an analyst is assigned. See Automate changes to incident fields using SLA scripts. The advantages of using this option are scalability and consistency.Stop the field through a playbook. The Timer/SLA field can be triggered to start, pause, or stop when a certain task occurs. For example, a timer can be triggered to stop for the
Time to Assignfield when the incident is assigned an owner, and to immediately start the timer for theTime to Remediationfield.
In a playbook, you add timers to specific tasks to manage SLAs.
When defining a Timer in a task or section header, in the Timers tab, select the action that you want the timer to perform for the task.
Note
If creating tasks for SLAs they do not have to execute anything. You can also use section headers.
Valid options are:
Option | Description |
|---|---|
| Starts the timer. NoteTimers are not started automatically when an incident is created. |
| Pauses the timer. |
| Stops the timer. NoteTimers are automatically stopped when an incident is closed. After a timer is stopped, you can only reset a timer using the resetTimer command in the CLI. |
Some playbooks, such as Phishing - Generic v3, comeout-of-the-box with SLA timer tasks included. If you need the same timers across use cases, create a sub-playbook based on your use case or conditions such as incident severity.
Although you can create your own SLA sub-playbooks, the CaseManagement - Generic content pack includes several SLA playbooks, which you can configure. For more information, see the CaseManagement - Generic content pack.
The Case Management - Generic - Start SLA Timers playbook starts the Time to Assignment or Remediation SLA timers field based on whether an owner is assigned to the Incident. You can add this as a sub-playbook to your use case.
Note
When a task or section has a Timer/SLA action configured, it displays the hourglass icon.
The first task is a conditional task which determines whether an
incident.ownerhas been assigned.
On the left-hand side task, if no owner is assigned the Time to Assignment timer starts.
The Print script returns details to the War Room confirming that the script has started to run.
On the right-hand side task, if an owner is assigned the Remediation SLA timer starts.
Note
If you want to stop or pause a timer in a playbook, you can use an existing or create a section header/task. When you select Timer.stop, the run is considered finished and cannot be restarted without setting it to zero. If you want to restart the timer, select Timer.pause so you do not lose the accumulated time. By default, all timers stop when the incident closes.
Add the sub-playbook to the main playbook, as required.
This playbook sets the SLAs for incidents, the Time to Assignment Timer, and the Remediation SLA Timer based on the incident severity using playbook inputs. For example, set the number of minutes for incident and remediation SLAs for critical incidents. For more information, see Case Management - Generic - Set SLAs based on Severity. Add this as a sub-playbook to your use case.
Alternatively, create a playbook or script to modify SLA fields based on certain conditions. For example, in the Set Severity to Medium task, you can add an SLA such as Time to Assignment 15 minutes where there is high severity (3).
