IBM QRadar SOAR: Closing Incident with Playbooks: Difference between revisions
(Created page with "Simple playbook to close a Incident == Configuring the Playbook == 346x599px In your playbook: 1) add or edit the '''Get Artifacts''' script. Provide the following code: <nowiki> incident.resolution_id = "Resolved" if incident.confirmed: incident.resolution_summary = "Incident was closed with CONFIRMED." else: incident.resolution_summary = "Incident was closed with Unconfirmed." incident.plan_status = "C" incident.addNote("...") |
|||
| Line 7: | Line 7: | ||
In your playbook: | In your playbook: | ||
1) add or edit the ''' | 1) add or edit the '''Close Incident''' script. | ||
Provide the following code: | Provide the following code: | ||
Revision as of 18:42, 11 June 2025
Simple playbook to close a Incident
Configuring the Playbook
In your playbook:
1) add or edit the Close Incident script.
Provide the following code:
incident.resolution_id = "Resolved"
if incident.confirmed:
incident.resolution_summary = "Incident was closed with CONFIRMED."
else:
incident.resolution_summary = "Incident was closed with Unconfirmed."
incident.plan_status = "C"
incident.addNote("O Incidente foi finalizado.")