Create scripts that perform specific actions in Cortex XSOAR when the SLA is breached. Properties in the SLA timer field value.
When you create your scripts, the following arguments are automatically added, in addition to the basic elements provided with every script (for example, current investigation and current incident):
field
: The current triggered SLA breach field object (contains: name,cliName
,threshold
and more.).fieldValue
: The current triggered SLA field's value. For example thestartDate
.The following table lists the different properties in the SLA timer field value:
Property
Type
Description
dueDate
Date
The date by which the SLA for this timer is due.
breachTriggered
Boolean
Whether the timer was already in breach of the SLA.
sla
INT (in minutes)
The period is defined as the SLA for this timer. This is the value that you defined in the Timer field.
endDate
Date
The date at which the SLA timer is completed.
lastPauseDate
Date
The last date at which the SLA timer was paused.
startDate
Date
The date at which the SLA timer was started.
accumulatedPause
INT (in seconds)
The total number of seconds that the timer was in a paused state.
totalDuration
INT (in seconds)
The total number of seconds that the timer was running. This property is populated after the timer is stopped.
slaStatus
INT
Represents the Cortex XSOAR SLA status. Values are:
-1
: The SLA has not been set.0
: The SLA is within the allotted range.1
: The SLA is below the defined risk threshold.2
: The SLA is in breach.
runStatus
String
Represents the current status of the timer. Values are:
idle
running
paused
ended
See the following video for a practical example of creating an SLA script and how to use it in a playbook.