IBM QRadar SOAR: Closing Incident with Playbooks: Difference between revisions

From Wiki
No edit summary
No edit summary
 
Line 21: Line 21:
incident.plan_status = "C"
incident.plan_status = "C"


incident.addNote("O Incidente foi finalizado.")
incident.addNote("Incident was closed.")
</nowiki>
</nowiki>


Latest revision as of 18:43, 11 June 2025

Simple playbook to close a Incident

Configuring the Playbook

In your playbook:

1) add or edit the Close Incident script.

Provide the following code: 

incident.resolution_id = "Resolved"

if incident.confirmed: 
  incident.resolution_summary = "Incident was closed with CONFIRMED."
else: 
  incident.resolution_summary = "Incident was closed with Unconfirmed."

incident.plan_status = "C"

incident.addNote("Incident was closed.")

Ver também

Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar_SOAR:_Closing_Incident_with_Playbooks&oldid=9387"