Hi Shubham,
SOAR platform currently leverages artifact to relate cases. So if 2 cases share the same artifact, they will be related. Andy shared some documents to instruct you how to control the artifact's relate toggle.
However, I read you want to have your own logic to relate cases. I'd say there is no such capability in the platform, but you may try to disable all platform's controls (i.e. toggles on artifact type and all existing artifacts), and create a new custom artifact type, maybe named "my_related_keys", and keep that type's related control enabled, so you can script it per your own business logic.
Hope this helps.
------------------------------
Leo Kuo
------------------------------
Original Message:
Sent: Thu March 09, 2023 01:49 AM
From: Shubham Agarwal
Subject: Regarding Related Incidents
Hi Andy,
Thanks for your response but we want to control related incidents via script.
Is it possible to do that ? I dont see any functions or method defined in playbook designer guide.
------------------------------
Shubham Agarwal
Original Message:
Sent: Wed March 01, 2023 02:15 AM
From: Andy Su
Subject: Regarding Related Incidents
Hi,
Related incidents can be controlled by multiple places (https://www.ibm.com/docs/en/sqsp/48?topic=artifacts-incident-tab), depending on the scope and purposes when investigating related incidents:
Would you please refer to the above documentation and see if they could fulfill your use cases?
------------------------------
Andy Su
Original Message:
Sent: Sun February 26, 2023 01:16 PM
From: Shubham Agarwal
Subject: Regarding Related Incidents
Hi Team ,
Is their a way to control Related incidents feature in Resilient soar.
------------------------------
Shubham Agarwal
------------------------------