Hi Umair,
I don't know if this could help you but here is how I would do it.
In your script, you should have the emailmessage.createAssociatedIncident(...,...) operation. After this operation, the top-level incident variable is set so you can assign it an incident type like this:
incident.incident_type_ids = "Phishing"
Now, you could create a new automatic playbook with the following conditions: "incident is created" and "incident.incident_type_ids = "Phishing".
When the script finishes treating the received email, the new created incident will start your phishing playbook.
You can also add a Notification with a similar condition: Incident type is equal to "Phishing" and have it sent to the owner you specified in the second parameter of the createAssociatedIncident operation, which is probably the name of a group.
HTH
------------------------------
Pierre Dufresne
------------------------------
Original Message:
Sent: Mon October 16, 2023 12:29 PM
From: Umair Khan
Subject: Phishing Playbook
hello community,
i am trying to create a phishing playbook for that i configured inbound email connection, add script to extract artifact and rule to automatically create incident whenever i have email on inbox,
Now i want to know how can i call that specific incident in playbook which was created from mailbox to inform the relevant team about this incident along with attached artifacts.
------------------------------
Umair Khan
------------------------------