IBM Security QRadar SOAR

Is there a simple way to close an incident with a script? Alternatively any apps in app exchange that has this functionality?

------------------------------
Mark Aksen
------------------------------

Hi Mark,

I'm happy to say that, yes, we have that capability in an app: Incident Utils https://exchange.xforce.ibmcloud.com/hub/extension/52b73a41ea7ae93071f19c7e00f72be5. See the function for closing an incident. It does require a template to be used for setting the required fields for your environment. But the default template can be used as a guide for the standard required fields: Resolution and Resolution Summary.

Regards,
Mark

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Wed April 20, 2022 12:51 PM
From: Mark Aksen
Subject: Close incident with script

Is there a simple way to close an incident with a script? Alternatively any apps in app exchange that has this functionality?

------------------------------
Mark Aksen
------------------------------

Hi Mark Scherfling,

In my situation i passed input with appropriate values ​​but it didn't work for the purpose and didn't return error. I cannot close the incident using this function.

------------------------------
Dũng Đặng
------------------------------

Original Message:
Sent: Fri April 22, 2022 08:52 AM
From: Mark Scherfling
Subject: Close incident with script

Hi Mark,

I'm happy to say that, yes, we have that capability in an app: Incident Utils https://exchange.xforce.ibmcloud.com/hub/extension/52b73a41ea7ae93071f19c7e00f72be5. See the function for closing an incident. It does require a template to be used for setting the required fields for your environment. But the default template can be used as a guide for the standard required fields: Resolution and Resolution Summary.

Regards,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Wed April 20, 2022 12:51 PM
From: Mark Aksen
Subject: Close incident with script

Is there a simple way to close an incident with a script? Alternatively any apps in app exchange that has this functionality?

------------------------------
Mark Aksen
------------------------------

Hello  Dũng.

Simply speaking, the following 3 incident fields should be set at a time.

incident.resolution_id = "Resolved"
incident.resolution_summary = "Resolved"
incident.plan_status = "C"

Since incident.resolution_id is select type, its value should match the possible candidate. (just in case your orglocale is other than en) 

------------------------------
Yohji Amano
------------------------------

Original Message:
Sent: Wed April 20, 2022 12:51 PM
From: Mark Aksen
Subject: Close incident with script

Is there a simple way to close an incident with a script? Alternatively any apps in app exchange that has this functionality?

------------------------------
Mark Aksen
------------------------------

Hi Yohji Amano, 

Thanks for the quick answer
I fixed the above problem because I was missing incident fields with Requiremen: On Close.

------------------------------
Dũng Đặng
------------------------------

Original Message:
Sent: Fri June 28, 2024 03:14 AM
From: Yohji Amano
Subject: Close incident with script

Hello  Dũng.

Simply speaking, the following 3 incident fields should be set at a time.

incident.resolution_id = "Resolved"
incident.resolution_summary = "Resolved"
incident.plan_status = "C"

Since incident.resolution_id is select type, its value should match the possible candidate. (just in case your orglocale is other than en) 

------------------------------
Yohji Amano

Original Message:
Sent: Wed April 20, 2022 12:51 PM
From: Mark Aksen
Subject: Close incident with script

Is there a simple way to close an incident with a script? Alternatively any apps in app exchange that has this functionality?

------------------------------
Mark Aksen
------------------------------