Oh, that's easier, thanks.
Original Message:
Sent: Tue February 27, 2024 09:23 AM
From: Pierre Dufresne
Subject: Add Customized Artifact to Incident with Scripts
Hi,
According to this documentation (https://www.ibm.com/docs/en/sqsp/51?topic=scripts-incident-operations), the addArtifact "Returns an artifact script object for further customization.". So, I think you could do something like this:
NewArtifact = addArtifact(type, value, description)
NewArtifact.source = True
or
NewArtifact.destination = True
"source" and "destination" are the names of the boolean fields you need to update.
HTH
------------------------------
Pierre Dufresne
Original Message:
Sent: Mon February 26, 2024 11:52 AM
From: Joao Joao Baptista Dias Moreira
Subject: Add Customized Artifact to Incident with Scripts
Hi everyone,
I am working on a playbook that programmatically adds artifacts to an incident. When an incident is created, I parse the description and get a list of strings describing IPs and URLs. I can loop through these and add them as artifacts through the addArtifact() method. My problem is that, according to this documentation, this method seems to accept only type, value and description as input parameters. I would like to specify the IPs as being of source or destination type, which I can access through artifact.ip["source"] or artifact.ip["destination"].
From the same documentation, it seems that the incident methods and fields do not allow me to directly access associated artifacts. If that is the case, what is the best way for me to enrich these IP artifacts with this information?
Regards,
------------------------------
Joao Joao Baptista Dias Moreira
------------------------------