Skip to main content
Skip table of contents

Create Incident

LAST UPDATED: MAR 27, 2024

Escalates a newly ingested event to an incident, initializing both static and custom fields.

READER NOTE

This command is only applicable within an Event Playbook.

Implementation

System

Command Category

System Utility

Tags

INCIDENT INCIDENTMANAGEMENT

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Incident Type

Required

The incident type.

Playbook - Phishing

Title

Optional

The incident title.

Critical phishing incident

Description

Optional

The incident description.

This is a phishing incident that requires investigation.

Severity

Optional

The incident severity.

Low

Playbook

Required

The incident playbook.

123

Owner

Optional

The incident owner.

admin

External Key

Optional

An external key is a unique key: outside of D3. Keep the field empty if you do not have one.

20220111-1

Custom Fields

Optional

User defined custom fields. The field name must have the prefix "Custom" and use PascalCase format. If the name does not follow this rule, it will be converted.

CODE 
{
  "CustomField1": "data1",
  "CustomField2": "data2",
  "CustomField3": "data3"
}

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
{
    "Status": "Successful"
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close