End-of-Life (EoL)

Use Scripts with the Grid Field

Use scripts when creating grid fields for an incident.
You can use scripts to manipulate and populate data in the Grid field. In this example, we will use the following scripts:
  • Automatically populate a column value when the grid is changed.
  • Create a new row in the grid manually or as part of a playbook.
If you select the
Lock
checkbox for a column, only a script can populate the values for that column. If a column is unlocked (default), the column values can be entered manually (by users), or by a script. For a script to be available in the
Script upon change
drop-down menu, it must have the
field-change-triggered
tag.

Grid Field Script Example

In this example, the grid is a shift summary for analysts, who can add comments for the incident during their shift. We want to use a script to automatically populate the
Date Logged
column with the current date when a user adds a new row to the grid.
Sample script
The
ShiftSummariesChange
script is called with an old value and a new value. The script operates in the following phases:
  • The script gets all new rows, and sets the Date Logged field to now (current day).
  • For each existing row, if the name matches, but the findings column is not updated, the Date Logged column is also updated.
  • The Shift Summaries field is saved with the new values using the
    setIncident
    command.

Add a Row to a grid Using a Script

During playbook execution if a malicious finding is discovered, you want to add that finding to a grid. You can use a script in the playbook to add a new row to the grid with the malicious finding.
Sample Script
This is a Python script, which requires 2 arguments:
  • fieldCliName
    : the machine name for the field for which you want to add a new row.
  • Row
    : the new row to add the grid. This is a JSON object in lower case characters, with no white space.
fieldCliName = demisto.args().get('field') currentValue = demisto.incidents()[0]["CustomFields"][fieldCliName]; if currentValue is None: currentValue = [json.loads(demisto.args().get('row'))] else: currentValue.append(json.loads(demisto.args().get('row'))) val = json.dumps({ fieldCliName: currentValue }) demisto.results(demisto.executeCommand("setIncident", { 'customFields': val }))

Recommended For You