IBM QRadar SOAR


How to get the current incident details while adding a new artifact

  • 1.  How to get the current incident details while adding a new artifact

    Posted Wed April 17, 2019 07:14 AM

    Hi,

    I am adding a new artifact using the 'Add Artifact' option, and I need the details of the current incident to which the artifact is being added, using Python code. Basically I need a few property values (custom fields) from the current incident in order to invoke the client API while adding the artifact, so that it can do the threat lookup service.

    Thanks & Regards,

    Jojo Augustine



  • 2.  RE: How to get the current incident details while adding a new artifact

    Posted Tue April 23, 2019 10:28 AM
    Edited by CRAIG R Tue April 23, 2019 10:29 AM
    The preferred way is to just pass them down as function inputs, i.e. if you have "My Custom Field" in the UI, its API name would usually be my_custom_field.

    On your function, define some additional inputs to "carry" your properties, like my_function_custom_field_1; then in your pre-process script for the function, just assign the property to the input:

    # pre-process script: copy the incident's custom field into the function input
    inputs.my_function_custom_field_1 = incident.properties.my_custom_field

    The alternative is to send down the incident ID as a function input (inputs.my_function_incident_id = incident.id) and then, in your function:

    # inside the function body: read the incident ID from the function inputs
    my_function_incident_id = kwargs.get("my_function_incident_id")
    resilient_client = self.rest_client()
    incident = resilient_client.get("/incidents/{}".format(my_function_incident_id))
    my_custom_field = incident['properties']['my_custom_field']


    I would strongly recommend against this as functions should be designed without assuming fields or other fixed content in Resilient - this allows consumers of your app to choose what field they want to map to your input. I am just including it as it might be useful for some other cases. 

    I hope that helps and answers your question,

    ------------------------------
    CRAIG R
    ------------------------------
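A worked version of the two approaches described in the answer above, added here as an example; it is not code from the thread or from the Resilient SDK. It assumes the input names used in the answer (my_function_custom_field_1, my_function_incident_id, my_custom_field) and replaces self.rest_client() with a constructed stand-in so it runs offline.

```python
# Added example (not from the thread): a resilient-circuits-style function body
# that prefers the value the pre-process script "carried" down as an input, and
# only falls back to fetching the incident when a caller mapped an incident ID.
# FakeRestClient is a constructed stand-in for self.rest_client().

class FakeRestClient:
    """Constructed stand-in for the Resilient REST client's .get()."""
    def __init__(self, incidents):
        self._incidents = incidents

    def get(self, uri):
        # Mirrors GET /incidents/{id}; raises for unknown ids like a 404 would.
        inc_id = int(uri.rsplit("/", 1)[1])
        if inc_id not in self._incidents:
            raise LookupError("incident {} not found".format(inc_id))
        return self._incidents[inc_id]


def resolve_custom_field(kwargs, rest_client=None):
    """Return (value, source) for the custom field the function needs.

    Preferred path: the value arrives as function input
    'my_function_custom_field_1', set by the pre-process script, so the
    function does not assume any fixed field exists in Resilient.
    Fallback: if only 'my_function_incident_id' was mapped, fetch the
    incident and read properties.my_custom_field (hard-codes a field name,
    which the answer advises against).
    """
    value = kwargs.get("my_function_custom_field_1")
    if value not in (None, ""):
        return value, "input"

    incident_id = kwargs.get("my_function_incident_id")
    if incident_id is None or rest_client is None:
        raise ValueError("no custom field input and no incident id to fall back on")
    # Validate before interpolating into the REST path: only a positive int is
    # a legitimate incident id, never a string that could alter the URI.
    if isinstance(incident_id, bool) or not isinstance(incident_id, int) or incident_id <= 0:
        raise ValueError("incident id must be a positive integer, got %r" % (incident_id,))

    incident = rest_client.get("/incidents/{}".format(incident_id))
    value = incident.get("properties", {}).get("my_custom_field")
    if value is None:
        raise KeyError("incident {} has no my_custom_field".format(incident_id))
    return value, "rest"


# Constructed sample incident, shaped like the REST API's GET /incidents/{id} response.
SAMPLE_INCIDENTS = {2095: {"id": 2095, "properties": {"my_custom_field": "high"}}}

if __name__ == "__main__":
    client = FakeRestClient(SAMPLE_INCIDENTS)
    print(resolve_custom_field({"my_function_custom_field_1": "low"}))
    print(resolve_custom_field({"my_function_incident_id": 2095}, client))
```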