Scripts in Cortex XSOAR enable you to
automate processes. In the context of SLA, you can create scripts
that will perform specific actions when the SLA is breached. Each
SLA script must include the SLA tag.
Cortex XSOAR comes with an out-of-the-box script,
called SendEmailOnSLABreach, that sends an email to specific users
when the script is triggered. By default, the script sends an email
to the incident assignee, but you can configure additional recipients
within the script.
When you create your own scripts, the following arguments are
automatically added, in addition to the basic elements provided
with every script (for example, current investigation and current
incident):
field - the current triggered SLA breach field object
(contains: name, cliName, threshold, etc).
fieldValue - the current triggered SLA field's value, for
example the startDate.
The following table lists the different
properties in the SLA timer field value:
Property
Type
Description
dueDate
Date
The date by which the SLA for this timer is
due.
breachTriggered
Boolean
Was the timer already in breach of the SLA.
sla
INT (in minutes)
The period defined as the SLA for this timer.
This is the value that you defined in the timer field.
endDate
Date
The date at which the SLA timer completed.
lastPauseDate
Date
The last date at which the SLA timer was paused.
startDate
Date
The date at which the SLA timer was started.
accumulatedPause
INT (in seconds)
The total number of seconds that the timer
was in a paused state.
totalDuration
INT (in seconds)
The total number of seconds that the timer
was running. This property is populated after the timer is stopped.
slaStatus
INT
Represents the Cortex XSOAR SLA status. Values
are:
0 - The SLA is within the alloted range.
1 - The SLA
is below the defined risk threshold.
2 - The SLA is in breach.
runStatus
String
Represents the current status of the timer.
Values are:
