Go to the customisation > field. In the search bar, look for "incident" and select "incident type". You can see the API name used when you run scripts.

To run your action, go to customization > rule > new > menu item and select the object type on which you want to run the rule (incident, artifact...). In the condition, select the field "incident type" + "has one of" and the types you want, malware for example; and run the script or the workflow you wish.

If the action is in a script (or use Python list conditions):
if "Malware" in incident.incident_type_ids:
------------------------------
BENOIT ROSTAGNI
------------------------------
Original Message:
Sent: Tue October 12, 2021 10:10 AM
From: Mohsin Ali
Subject: Conditions based on Incident Type
I am writing a function where the conditions will be as follows:
If incident type = malware then perform X action. How to get this working, as I am unable to get the incident type in Python code / scripts / and pre-processing script.
------------------------------
Mohsin Ali
------------------------------
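
An added example, not part of either post and not the product's own code: a stand-alone sketch of the incident-type check discussed in this thread. It assumes that scripts see `incident.incident_type_ids` as a list of type names; `has_incident_type`, `route`, the action names and the sample incidents are hypothetical and stand in for the platform-provided `incident` object.

```python
from types import SimpleNamespace


def has_incident_type(incident, wanted):
    """Return True if any wanted type name is set on the incident.

    Assumption: incident.incident_type_ids is a list of type-name strings,
    and may be empty or None when no type has been assigned yet.
    """
    if isinstance(wanted, str):
        wanted = [wanted]
    current = incident.incident_type_ids or []
    # Normalise so "malware", "Malware " and "MALWARE" all match.
    current_norm = {str(t).strip().lower() for t in current}
    return any(w.strip().lower() in current_norm for w in wanted)


def route(incident):
    """Choose an action from the incident types (action names are made up)."""
    if has_incident_type(incident, "Malware"):
        return "run_malware_triage"
    if has_incident_type(incident, ["Phishing", "Denial of Service"]):
        return "run_other_triage"
    return "no_action"


# Constructed sample incidents; the type names are sample values.
MALWARE_ONLY = SimpleNamespace(incident_type_ids=["Malware"])
MIXED = SimpleNamespace(incident_type_ids=["Phishing", "Malware"])
PHISHING = SimpleNamespace(incident_type_ids=["Phishing"])
UNTYPED = SimpleNamespace(incident_type_ids=None)

if __name__ == "__main__":
    # A list never equals a string, so an equality test silently never
    # matches, even when "Malware" is the only type on the incident.
    print("equality test:", MALWARE_ONLY.incident_type_ids == "Malware")
    for inc in (MALWARE_ONLY, MIXED, PHISHING, UNTYPED):
        print(inc.incident_type_ids, "->", route(inc))
```

Inside a real script the platform supplies `incident`, so only the two functions and a call such as `route(incident)` would be needed.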