Incident operations for scripts

The incident operations can be used with any Object Type for the script.

The object contains the incident data and helper methods. The incident data contains only data from incident fields; it does not contain its notes, task, milestones, artifacts, or attachments.

Type incident. to access data from a specific incident field or run a helper method. The field names and helper methods appear in a type-ahead box as you type.

When you change the state of an incident field, use 'C' or 'A' instead of "Closed" or "Active". For example, use "incident.plan_status = 'C'" instead of "incident.plan_status = 'Closed'".

The following table describes the helper methods.

Operation	Description
`addArtifact(type, value, description)`	Adds an artifact to the incident with the provided type, value, and description. Returns an artifact script object for further customization.
`addEmailAttachment(id)` `addEmailAttachment(id, filename, content_type)`	Attaches the email attachment to the incident and returns the attachment object to the incident. The returned attachment object can then be acted upon by other script operations. The attachment object that is returned by these operations defines two modifiable fields: filename and content_type. The addEmailAttachment(id) operation uses the email message's `suggested_filename` and `suggested_content_type` field values for the file name and content type values, when it creates the incident attachment. Use the addEmailAttachment(id, filename, content_type) operation to specify the file name and content_type values. For example, if the `presented_filename` and `presented_content_type` values were to be used instead, they can be specified by using this function signature variation.
`addMilestone(title, description, date)`	Adds a milestone to the incident with the provided title, description, and date. Returns a Milestone script object for further customization.
`addNote(text)`	Adds a note to the incident with the provided text. Returns a Note script object for further customization.
`addRow(name)`	Adds a row to the named data table on the incident. Returns a Row script object for further customization.
`addTask(name, phase_id, instr_text)`	Adds an ad hoc task to the incident with the provided name, phase, and instructions. Returns a Task script object for further customization.

Script example

The following script is a simple example of adding a row to a data table, named infected_systems. It assumes that the data table includes an Owner Group column and an ID column. When the script runs on a row in the data table, it takes the ID of that row and adds 1 to make it a unique number. It then adds a row with the same information but an updated ID and a different value, HR, for the Owner Group.

oldId = int(row.system_id)
newRow = incident.addRow("infected_systems")
newRow["system_id"] = str(oldId + 1)
newRow["owner_group"] = "HR"