Create a Post-Processing Script - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create a post-processing script to run after a Cortex XSOAR incident has been remedied.

This procedure describes how to create a post-processing script after an incident has been remedied.

  1. Select AutomationNew Automation.

  2. Type a name for the post-processing script and click Save.

  3. In the Tags field, from the dropdown list select Post-processing.

  4. Add fields as required.

  5. Click Save.

  6. Add a Post-Processing Script to the Incident Type.

    The following script example requires the user to verify all To Do tasks before closing an incident. Before you start, you need to configure a Cortex XSOAR REST API instance.

    inc_id = demisto.incidents()[0].get('id')
    tasks = list(demisto.executeCommand("core-api-get", {"uri": "/todo/{}".format(inc_id)})[0]['Contents']['response'])
    
    if tasks:
    
        for task in tasks:
    
            if not task.get("completedBy"):
                return_error("Please complete all ToDo tasks before closing the incident")
                break