import demistomock as demisto # noqa: F401
from CommonServerPython import * # noqa: F401
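def prevent_duplication(current_incident):
    """
    Merge the incoming incident into an open incident that has the same GIB ID.

    The incoming incident is flattened in place: the "CustomFields", "labels",
    "occurred" and "sla" keys are removed and the custom fields are promoted to
    top-level keys. A "getIncidents" search is then run for a non-closed incident
    with the same ``gibid``; when one is found, each remaining field of the
    incoming incident is written to it with "setIncident".

    Args:
        current_incident: The incoming incident as a dict. It is modified in place.

    Returns:
        False when an existing incident was found and updated, True otherwise
        (including when the incoming incident carries no ``gibid``).

    Raises:
        ValueError: If the search entry does not carry a dict in "Contents".
    """
    # "CustomFields" may be present but None; treat that like an empty mapping.
    custom_fields = current_incident.get("CustomFields") or {}
    for dropped_key in ("CustomFields", "labels", "occurred", "sla"):
        current_incident.pop(dropped_key, None)
    current_incident.update(custom_fields)

    gibid = custom_fields.get('gibid')
    if not gibid:
        # Without an ID the query would search for the literal text "None" and
        # could merge unrelated incidents together.
        return True

    # The ID originates from the incoming incident, so it is placed in the query
    # as a quoted value with backslashes and quotes escaped. Unquoted, a value
    # containing query operators could widen the search to other open incidents,
    # which would then be overwritten below.
    # NOTE(review): confirm the quoted form matches the same incidents as the
    # previous unquoted query on your platform version.
    quoted_gibid = str(gibid).replace("\\", "\\\\").replace('"', '\\"')
    search_incident = demisto.executeCommand(
        "getIncidents", {"query": f'gibid:"{quoted_gibid}" and -status:Closed'}
    )
    if not search_incident:
        return True

    contents = search_incident[0].get("Contents")
    if not isinstance(contents, dict):
        # A non-dict payload (for example an error message) must not be read as
        # "no duplicate found"; surface it to the caller instead.
        raise ValueError(f"Unexpected getIncidents result: {contents}")

    total = int(contents.get("total") or 0)
    matches = contents.get("data") or []
    if total <= 0 or not matches:
        return True

    # "total" counts every match, while "data" may hold fewer entries than that,
    # so index from the end of the returned list rather than with total - 1.
    incident_id = matches[-1].get("id")
    if not incident_id:
        # Presumably a setIncident call without an id would not target the
        # matched incident; skip the update rather than write somewhere else.
        return True

    for key, value in current_incident.items():
        if key == "id":
            # An "id" key in the incoming data would replace the target id in the
            # arguments dict and redirect the write to a different incident.
            continue
        demisto.executeCommand('setIncident', {"id": incident_id, key: value})
    return False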
def main():
    """Run the duplicate check on the current incident and report its outcome.

    Any exception raised while fetching the incident or checking for a
    duplicate is reported through ``return_error`` with an "Error: " prefix.
    """
    try:
        incoming = demisto.incident()
        should_create = prevent_duplication(incoming)
        return_results(should_create)
    except Exception as e:
        return_error(f"Error: {str(e)}")
# Run main() when the module name is "__main__" or one of the builtins module names.
_ENTRY_MODULE_NAMES = ("__main__", "__builtin__", "builtins")
if __name__ in _ENTRY_MODULE_NAMES:
    main()