I am new to the SOAR platform.
I want to fetch all active incidents and close the first one as part of a larger automation project.
I used query_builder to fetch all incidents.
Attempting to close the returned incident throws an error: TypeError: query_builder results are read only.
(1) Is there a way to close the incident returned in the script?
(2) Running the script requires an incident ID. Is it possible to supply the incident ID from the incident returned from query_builder?
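# Match every incident whose plan_status is not "C" (closed)
query_builder.notEquals(fields.incident.plan_status, "C")
query = query_builder.build()
active_incidents_count = helper.getIncidentsCount(query)
all_active_incidents = helper.findIncidents(query)
# Take the first result and try to close it
incident_to_close = all_active_incidents[0]
# This assignment raises the TypeError: query_builder results are read only
incident_to_close.plan_status = "C"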