Add Note Information Using an Automation Script - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Add note information to an incident using an automation script through the Cortex XSOAR REST API using the General Purpose Dynamic Section in the incident layout builder.

This example shows how to add note information to an incident using an automation script through the API. For this script to run, you need to install the Cortex REST API content pack and add a Core REST API instance. You add the script to the automation page and then add the script to the incident layout builder using the General Purpose Dynamic Section.

  1. Go the Automation page and add the following script:

    commonfields:
      id: ShowLastNoteUserAndDate
      version: -1
    name: ShowLastNoteUserAndDate
    script: |2
    
      function getLastNote(incidentID) {
          var body = {pageSize:1,categories:['notes']};
          var res = executeCommand('demisto-api-post', {uri:'/investigation/' + incidentID, body: body});
          if (isError(res[0])) {
              throw 'demisto-api-post failed for incidnet #'+incidentID+'\nbody is ' + JSON.stringify(body) + '\n' + JSON.stringify(res);
          }
          if (!res[0].Contents.response.entries) {
              return null;
          }
          var notes = res[0].Contents.response.entries;
          var lastNote = notes[notes.length-1];
          return lastNote;
      }
    
      lastNote = getLastNote(incidents[0].id);
    
      if (lastNote) {
          md = `#### Update by ${lastNote.user} on ${lastNote.modified.split('T')[0]}\n`;
          md += `\n---\n`;
          md += lastNote.contents + '\n';
    
          return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ;
      } else {
          return 'N/A';
      }
    type: javascript
    tags:
    - dynamic-section
    enabled: true
    scripttarget: 0
    runonce: false
    runas: DBotWeakRole
    
  2. Select the incident type to add the script, by completing steps 1 to 5 in Add a Script to the Incident Layout.

  3. In the Automation script field, select the automation added in Step 1.

    incident-dynamic.png
  4. Go to the incident that you want to view the note information.

    You can see note information, containing the last user and date.

    incident-note.png