Hi Mario,
In addition, you can just remove the piece of code that correlates tickets based on subject. Then the script will just create a new offense for every email.
In Customization Settings > Scripts > Sample script: process inbound email (v32.2) modify the following section to look like this:
Comment out the query builder that searches for similar incidents.
Then in the if/else statement, comment out the else statement (that's the part that, if there is already an incident with the name, will "associate with incident" instead of creating a new one).
Make sure to keep (and remove the tab) the line in red below. That will make sure that Resilient will create a new incident for each email.
# Check to see if a similar incident already exists
# We will search for an incident which has the same name as we would give a new incident
#query_builder.equals(fields.incident.name, newIncidentTitle)
#query_builder.equals(fields.incident.plan_status, "Active")
#query = query_builder.build()
#incidents = helper.findIncidents(query)
#if len(incidents) == 0:
# A similar incident does not already exist. Create a new incident and associate the email with it.
log.info(u"Creating new incident {0}".format(newIncidentTitle))
# Create an incident with a title based on the email subject, with the owner identified by the variable newIncidentOwner
emailmessage.createAssociatedIncident(newIncidentTitle, newIncidentOwner)
# Add the subject to the incident as an artifact, and set the incident reporter.
# This does not need to be done for an existing incident.
processor.addBasicInfoToIncident()
#else:
# A similar incident already exists. Associate the email with this preexisting incident.
#log.info("Associating with existing incident {0}".format(incidents[0].id))
#emailmessage.associateWithIncident(incidents[0])
In the end your code should look like this. (The lines that will actually run)
emailmessage.createAssociatedIncident(newIncidentTitle, newIncidentOwner)
processor.addBasicInfoToIncident()
Hope this is helpful.
Adina
------------------------------
Adina Bodkins
------------------------------
Original Message:
Sent: Fri December 27, 2019 01:11 AM
From: Alexander Saulenko
Subject: Generic Email Parsing script not creating new tickets
Hi Mario,
You need to go to the "customization settings -> Scripts -> Sample script: process inbound email (v32.2)"
Find the string 530:
newIncidentTitle = u"Incident generated from email \"{0}\" via mailbox {1}".format(emailmessage.subject, emailmessage.inbound_mailbox)
and modify it.
As an example:
newIncidentTitle = u"Incident generated from email \"{0}\" at {1}".format(emailmessage.subject, emailmessage.received_date)
BR,
Alex
------------------------------
Alexander Saulenko
Original Message:
Sent: Thu December 26, 2019 01:48 PM
From: Mario Citarella
Subject: Generic Email Parsing script not creating new tickets
Anyone know how to customize the title given to the ticket not to come from the email subject? The issue I'm having is that many of my alerts have the same generic title, and Resilient ends up enriching an existing ticket instead of generating a new one.
------------------------------
Mario Citarella
------------------------------
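The effect of the two changes suggested in this thread, as an added example that is not part of any post and is not the Resilient sample script: a stand-alone Python model of the create-or-associate branch, run over constructed emails. The Email tuple, the SAMPLE data and the process() and emails_per_incident() helpers are assumptions for illustration; only the two title format strings and the name/plan_status match come from the thread.

```python
from collections import namedtuple

# Constructed sample emails (not from the thread): three generic alerts and one report.
Email = namedtuple("Email", "subject inbound_mailbox received_date")
SAMPLE = [
    Email("IDS Alert", "soc@example.com", "2019-12-26 13:00:01"),
    Email("IDS Alert", "soc@example.com", "2019-12-26 13:00:01"),  # exact resend
    Email("IDS Alert", "soc@example.com", "2019-12-26 13:07:42"),  # separate event
    Email("Phishing report", "soc@example.com", "2019-12-26 13:09:10"),
]

def title_by_mailbox(m):
    # Title format quoted in the thread as the script's original.
    return u'Incident generated from email "{0}" via mailbox {1}'.format(
        m.subject, m.inbound_mailbox)

def title_by_date(m):
    # Title format suggested in the thread: subject plus received date.
    return u'Incident generated from email "{0}" at {1}'.format(
        m.subject, m.received_date)

def process(emails, make_title, correlate=True):
    """Model of the create-or-associate branch (hypothetical helper).

    With correlate=True an email joins the first Active incident whose name
    equals the new title; otherwise, or with no match, a new incident is made.
    """
    incidents = []
    for m in emails:
        title = make_title(m)
        match = None
        if correlate:
            match = next((i for i in incidents
                          if i["name"] == title and i["plan_status"] == "Active"), None)
        if match is None:
            incidents.append({"name": title, "plan_status": "Active", "emails": [m]})
        else:
            match["emails"].append(m)
    return incidents

def emails_per_incident(incidents):
    return [len(i["emails"]) for i in incidents]

if __name__ == "__main__":
    print("original title, lookup on :", emails_per_incident(process(SAMPLE, title_by_mailbox)))
    print("dated title, lookup on    :", emails_per_incident(process(SAMPLE, title_by_date)))
    print("lookup commented out      :", emails_per_incident(process(SAMPLE, title_by_mailbox, False)))
```

In this model the dated title gives the separate 13:07:42 alert its own incident while the exact resend still merges, and with the lookup commented out every email, resends included, opens an incident.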