Post Processing for Incidents

You can set up a post-processing script to run after an incident has been remedied, but before the incident is closed in Cortex XSOAR.
After you remedy an incident, you may want to perform additional actions on the incident, such as closing a ticket in a ticketing system or sending out an email. You can create a post-processing script to cover these scenarios.
If a post-processing script returns an error, the incident does not close.
Arguments Exposed in the Post-Processing Script
These arguments are exposed in the post-processing script:
  • closed
    (closed time)
  • status
  • openDuration
  • closeNotes
  • closingUserId
    Contains the username of user who closed the incident or
    if the incident was closed by DBot (for example, through a playbook).
  • Custom fields are set at closure either explicitly (through the CLI) or implicitly (through Cortex XSOAR).

Recommended For You