You can set up a post-processing script to run after an incident has been remediated, but before the incident is closed in Cortex XSOAR.
After you remediate an incident, you may want to perform additional actions on the incident, such as closing a ticket in a ticketing system or sending out an email. You can create a post-processing script to cover these scenarios.
If a post-processing script returns an error, the incident does not close.
Arguments Available in a Post-Processing Script
These arguments are available for use in the post-processing script:
closed- The incident closed time.
closingUserId- The username of the user who closed the incident, or
DBotif the incident was closed by DBot (for example, through a playbook).
Any other field values passed in at closure, whether through the incident close form, the CLI, or a playbook task.