Use Scripts with the Grid Field

Use scripts when creating grid fields for an incident. Grid field script. Manipulate and populate data in a grid field in Cortex XSOAR.
You can use scripts to manipulate and populate data in the Grid field. In this example, we will use the following scripts:
  • Automatically populate a column value when the grid is changed.
  • Create a new row in the grid manually or as part of a playbook.
If you select the
Lock
checkbox for a column, only a script can populate the values for that column. If a column is unlocked (default), the column values can be entered manually (by users), or by a script. For a script to be available in the
Script upon change
drop-down menu, it must have the
field-change-triggered
tag.

Grid Field Script Example

In this example, the grid is a shift summary for analysts, who can add comments for the incident during their shift. We want to use a script to automatically populate the
Date Logged
column with the current date when a user adds a new row to the grid.
Sample script
The
ShiftSummariesChange
script is called with an old value and a new value. The script operates in the following phases:
  • The script gets all new rows, and sets the Date Logged field to now (current day).
  • For each existing row, if the name matches, but the findings column is not updated, the Date Logged column is also updated.
  • The Shift Summaries field is saved with the new values using the
    setIncident
    command.

Add a Row to a grid Using a Script

During playbook execution if a malicious finding is discovered, you want to add that finding to a grid. You can use a script in the playbook to add a new row to the grid with the malicious finding.
Sample Script
This is a Python script, which requires 2 arguments:
  • fieldCliName
    : the machine name for the field for which you want to add a new row.
  • Row
    : the new row to add the grid. This is a JSON object in lower case characters, with no white space.
fieldCliName = demisto.args().get('field') currentValue = demisto.incidents()[0]["CustomFields"][fieldCliName]; if currentValue is None: currentValue = [json.loads(demisto.args().get('row'))] else: currentValue.append(json.loads(demisto.args().get('row'))) val = json.dumps({ fieldCliName: currentValue }) demisto.results(demisto.executeCommand("setIncident", { 'customFields': val }))

Recommended For You