Incident operations

The incident operations can be used with any Object Type for the script.

The object contains the incident data and additional helper methods. The incident data contains only data from incident fields; it does not contain its notes, task, milestones, artifacts, or attachments.

Type incident. to access data from a specific incident field or execute a helper method. The field names and helper methods appear in a type-ahead box as you type.

Note: When changing the state of an incident field, use 'C', 'A', or 'O' instead of Closed, Active or Open, respectively. For example, use 
"incident.plan_status = 'C'"
instead of 
"incident.plan_status = 'Closed'"

The following table describes the helper methods.

Operation Description 
addArtifact(type, value, description)

Adds an artifact to the incident with the given type, value, and description. Returns an Artifact script object for further customization.

 
addEmailAttachment(id)
addEmailAttachment(id, filename,
 content_type)

Attaches the email attachment to the incident and returns the attachment object to the incident. The returned attachment object can then be acted on by other script operations.

Refer to the end of this table for more information. 

addMilestone(title, description, date)

Adds a milestone to the incident with the given title, description, and date. Returns a Milestone script object for further customization.

 
addNote(text)

Adds a note to the incident with the given text. Returns a Note script object for further customization.

 
addRow(name)

Adds a row to the named data table on the incident. Returns a Row script object for further customization.

 
addTask(name, phase_id, instr_text)

Adds an adhoc task to the incident with the given name, phase, and instructions. Returns a Task script object for further customization.

The attachment object returned by addEmailAttachment(id) and addEmailAttachment(id, filename, content_type) defines two modifiable fields: filename and content_type. The addEmailAttachment(id) uses the email message's suggested_filename and suggested_content_type field values for the filename and content type values, respectively, when creating the incident attachment. The addEmailAttachment(id, filename, content_type) allows you to specify the filename and content_type values. For example, if the presented_filename and presented_content_type values were to be used instead, they could be specified using this function signature variation.

The following script is a simple example of adding a row to a data table, named infected_systems. It assumes that the data table includes an Owner Group column and an ID column. When the script is invoked on a row in the data table, it takes the ID of that row and adds 1 to make it a unique number. It then adds a new row with the same information but an updated ID and a different value, HR, for the Owner Group.
oldId = int(row.system_id)
newRow = incident.addRow("infected_systems")
newRow.updated(row)
newRow["system_id"] = str(oldId + 1)
newRow["owner_group"] = "HR"