-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathautomation-CherwellGetIncident.yml
156 lines (137 loc) · 5.42 KB
/
automation-CherwellGetIncident.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
args:
- auto: PREDEFINED
description: Type of ID.
name: id_type
predefined:
- public_id
- record_id
required: true
- description: Public ID or record ID.
name: id_value
required: true
comment: This script is an example script of how to retrieve an incident from Cherwell.
The script wraps the cherwell-get-business-object command of the cherwell integration.
When writing your own script to get a business object, follow the instructions found
in the configuration section of the script, but do not change the execution section.
commonfields:
id: CherwellGetIncident
version: -1
dependson:
must:
- Cherwell|||cherwell-get-business-object
dockerimage: demisto/python3:3.7.2.214
name: CherwellGetIncident
outputs:
- contextPath: Cherwell.BusinessObjects.RecordId
description: Recoed ID
type: String
- contextPath: Cherwell.BusinessObjects.PublicId
description: Public ID
type: String
- contextPath: Cherwell.BusinessObjects.Description
description: Incident description
type: String
- contextPath: Cherwell.BusinessObjects.Priority
description: Incident ptiority
type: Number
- contextPath: Cherwell.BusinessObjects.OwnedBy
description: Incident owned by field
type: String
- contextPath: Cherwell.BusinessObjects.Service
description: Service needed for the incident
type: String
- contextPath: Cherwell.BusinessObjects.CustomerDisplayName
description: 'Incident reporting customer '
type: String
- contextPath: Cherwell.BusinessObjects.CreatedDateTime
description: Created date time
type: Date
- contextPath: Cherwell.BusinessObjects.TotalTasks
description: Total tasks for this incident
type: Number
runonce: false
script: |2-
args = demisto.args()
# ####################################################################################
# ############################## CONFIGURATION PART ##################################
# ####################################################################################
"""
`BUSINESS_OBJECT_TYPE` is the name of business object you wish to retrieve using this script.
In this case we set it to be 'incident' as this script is in charge of retrieving incidents.
"""
BUSINESS_OBJECT_TYPE = 'Incident'
"""
`OUTPUT_FIELDS` should contain all the fields you wish to include in the returned business object.
Make sure the field name is identical to the field name in the Cherwell system.
In order for the fields to appear in the script outputs you will need to to update the script outputs
(found in the script settings).
For example: we wished to retrieve an incident such that the fields: RecordID, Description, Priority,
CustomerDisplayName, etc., will appear in the returned object, thus, we added all of those field names
to this `OUTPUT_FIELDS` variable.
In addition, we added the field names to the script outputs so they will appear as an official output of
the script, using the following syntax: Cherwell.BusinessObjects.RecordID, Cherwell.BusinessObjects.PublicID,
Cherwell.BusinessObjects.Description, Cherwell.BusinessObjects.Priority, etc.
Make sure to leave the prefix of the output definition (`Cherwell.BusinessObjects`) identical to what you have filed in
the `OUTPUT_PATH` variable.
"""
OUTPUT_FIELDS = [
'RecordId',
'PublicId',
'Description',
'Priority',
'CustomerDisplayName',
'OwnedBy',
'Service',
'CreatedDateTime',
'TotalTasks'
]
"""
`OUTPUT_PATH` is the path where all retrieved business objects will appear after. You can modify this path if you wish,
but remember to change the output prefix in the integration outputs as well.
"""
OUTPUT_PATH = 'Cherwell.BusinessObjects'
# ####################################################################################
# ############################## EXECUTION PART ######################################
# ####################################################################################
def build_arguments():
arguments = {
'type': BUSINESS_OBJECT_TYPE,
'id_type': args.get('id_type'),
'id_value': args.get('id_value')
}
return arguments
def build_context(object_dict, filter_fileds):
sanitized_business_object = {}
for key, value in object_dict.items():
if key in filter_fileds:
sanitized_business_object[key] = value
return sanitized_business_object
def build_output_list():
output_fields = OUTPUT_FIELDS
if 'RecordId' not in output_fields:
output_fields.append('RecordId')
if 'PublicId' not in output_fields:
output_fields.append('PublicId')
return output_fields
result = demisto.executeCommand('cherwell-get-business-object', build_arguments())[0]
business_object = list(result.get('EntryContext').items())[0][1]
md = tableToMarkdown('{0}: {1}'.format(BUSINESS_OBJECT_TYPE.capitalize(), args.get("id_value")),
business_object,
headers=build_output_list(),
headerTransform=pascalToSpace)
context = build_context(business_object, build_output_list())
demisto.results({
'Type': result.get('Type'),
'ContentsFormat': result.get('ContentsFormat'),
'Contents': result.get('Contents'),
'HumanReadable': md,
'EntryContext': {
f'{OUTPUT_PATH}(val.RecordId == obj.RecordId)': context
}
})
scripttarget: 0
subtype: python3
system: true
tags:
- Cherwell
type: python