You can set up a post-processing script to run after an incident has been remediated, but before the incident is closed in Cortex XSOAR.
After you remediate an incident, you may want to perform additional actions on the incident, such as closing a ticket in a ticketing system or sending out an email. You can create a post-processing script to cover these scenarios.
Note
If a post-processing script returns an error, the incident does not close.
You need to Create a Post-Processing Script and then Add a Post-Processing Script to the Incident Type.
Arguments Available in a Post-Processing Script
These arguments are available for use in the post-processing script:
closed
- The incident closed time.status
openDuration
closeNotes
closingUserId
- The username of the user who closed the incident, orDBot
if the incident was closed by DBot (for example, through a playbook).closeReason
Any other field values passed in at closure, whether through the incident close form, the CLI, or a playbook task.