Post Processing for Incidents
You can set up a post-processing script to run after
an incident has been remedied, but before the incident is closed
in Cortex XSOAR.
After you remedy an incident, you may
want to perform additional actions on the incident, such as closing
a ticket in a ticketing system or sending out an email. You can
create a post-processing script to cover these scenarios.
If a post-processing script returns an error, the incident
does not close.
Arguments Exposed in the Post-Processing Script
These arguments are exposed in the post-processing script:
Contains the username of the user who closed the incident, or DBot if the incident was closed by DBot (for example, through a playbook).
Custom fields are set at closure either explicitly (through
the CLI) or implicitly (through Cortex XSOAR).
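A post-processing script that closes a linked ticket and blocks incident closure when that fails, as an added example that is not taken from the Cortex XSOAR documentation. The argument keys `closingUserId`, `closeNotes` and `ticketid`, and the `close_ticket` callable, are assumptions, since this page does not show the argument names.

```python
class PostProcessingError(Exception):
    """Raised when the incident must stay open."""


def close_linked_ticket(args, close_ticket):
    """Validate closure arguments, then close the external ticket.

    args         -- dict of arguments the script receives (key names assumed)
    close_ticket -- hypothetical callable(ticket_id, comment) -> bool
    """
    closed_by = args.get("closingUserId") or ""      # assumed argument name
    notes = (args.get("closeNotes") or "").strip()   # assumed argument name
    ticket_id = args.get("ticketid")                 # assumed custom field

    # A playbook (DBot) closure may have no notes; a manual closure must.
    if closed_by != "DBot" and not notes:
        raise PostProcessingError("manual closure requires close notes")
    if not ticket_id:
        return "no linked ticket, nothing to close"
    comment = "Closed by %s: %s" % (closed_by, notes or "automated closure")
    if not close_ticket(ticket_id, comment):
        raise PostProcessingError("ticket %s was not closed" % ticket_id)
    return "ticket %s closed" % ticket_id


def run(args, close_ticket):
    """Return (ok, message); ok is False when closure must be blocked."""
    try:
        return True, close_linked_ticket(args, close_ticket)
    except PostProcessingError as err:
        return False, str(err)


if __name__ == "__main__":
    # Constructed sample arguments and a stub ticketing call.
    sample = {"closingUserId": "DBot", "closeNotes": "", "ticketid": "T-1"}
    print(run(sample, lambda tid, comment: True))
```

Inside Cortex XSOAR, the arguments come from `demisto.args()`, and a failed result is passed to `return_error()`, which is what keeps the incident open.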