Automatically reassign security incidents to different assignment groups based on description

Anitha
Tera Expert

Hi,

I have a requirement to automatically reassign security incidents to a different assignment group based on a unique value in the description field. I have to fetch this unique value, glide through the cmdb table, and assign it based on the support group value in the cmdb table.

1. Currently the assignment of the security incident in the first place is done through the AWS account - support group and not through assignment rules. (We cannot edit this AWS account assignment as of now; we need to override this flow and do the reassignment.)

2. I have tried to achieve this using an after business rule for insert and update, but the assignment happens only when there is an update in another security incident with similar when-to-run conditions.


How can I override this AWS account assignment and automatically reassign to different assignment group as soon as the ticket is created?

 

2 REPLIES

HrishabhKumar
Kilo Sage

Hi @Anitha ,

To override the AWS account assignment and automatically reassign security incidents based on a unique value in the description field, you can achieve this using a combination of an after business rule and a script to fetch the support group from the CMDB table.

 

I've tried to provide you the steps below:

 

Step 1: Create the After Business Rule

Navigate to: System Definition > Business Rules.

Create a new Business Rule:

Name: Reassign Security Incidents

Table: Security Incident (or the appropriate table for your security incidents)

Advanced: Check the "Advanced" box

When to run: After Insert

Filter conditions: Specify any conditions if needed (e.g., only run if the assignment group is the AWS account support group)

Insert: Ensure the rule runs on insert

 

Step 2: Write the Script

In the script section of the business rule, write the logic to fetch the unique value from the description, look up the CMDB table, and reassign the incident. Here’s an example script:

(function executeRule(current, previous /*null when async*/) {

    // Ensure this runs only once when the record is created
    if (current.getValue('sys_created_on') != current.getValue('sys_updated_on')) {
        return;
    }

    // Extract the unique value from the description.
    // Convert the field to a JavaScript string so that match() is available.
    var description = String(current.getValue('description') || '');
    var uniqueValueMatch = description.match(/your_unique_value_regex/); // Adjust the regex to match the unique value

    if (uniqueValueMatch) {
        var uniqueValue = uniqueValueMatch[0];

        // Query the CMDB table for the support group based on the unique value
        var cmdbRecord = new GlideRecord('cmdb_ci'); // Adjust the table name if needed
        cmdbRecord.addQuery('your_unique_field', uniqueValue); // Adjust the field name to match the unique value field
        cmdbRecord.setLimit(1); // Only the first matching record is used
        cmdbRecord.query();

        if (cmdbRecord.next()) {
            var supportGroup = cmdbRecord.getValue('support_group'); // Adjust the field name for the support group

            // Reassign the incident to the new support group.
            // Skip the write when the CMDB record has no support group,
            // so the existing assignment is not blanked out.
            if (supportGroup) {
                current.assignment_group = supportGroup;
                // An after rule has to call update() to persist the change;
                // this re-runs the business rules on the record.
                current.update();
            }
        }
    }

})(current, previous);


Thanks,

Hope this helps.

If my response proves helpful please mark it helpful and accept it as solution to close this thread.
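
An added example (not code from this thread or from ServiceNow): the extract-and-look-up decision from the script above written as plain JavaScript, so the regex and the no-match and ambiguous-match cases can be tested outside the instance. The key format `APP-12345`, the group names, the `lookupGroup` helper and the Map standing in for the CMDB table are assumptions.

```javascript
// Added example. ASSUMPTION: the unique value looks like "APP-12345".
const KEY_PATTERN = /\bAPP-\d{5}\b/g;

// Return the one key present in the description, or null when there is
// none or when several different keys appear (ambiguous, so do not route).
function extractKey(description) {
  if (typeof description !== 'string' || description.length === 0) return null;
  const found = new Set(description.match(KEY_PATTERN) || []);
  return found.size === 1 ? [...found][0] : null;
}

// lookupGroup is injected (hypothetical helper): on the instance it would wrap
// the GlideRecord query against the CMDB table and return the support group.
function decideAssignment(description, currentGroup, lookupGroup) {
  const key = extractKey(description);
  if (key === null) {
    return { group: currentGroup, changed: false, reason: 'no-unique-key' };
  }
  const group = lookupGroup(key);
  if (!group) {
    return { group: currentGroup, changed: false, reason: 'no-cmdb-match' };
  }
  if (group === currentGroup) {
    return { group: group, changed: false, reason: 'already-assigned' };
  }
  return { group: group, changed: true, reason: 'reassigned:' + key };
}

// Constructed sample data standing in for CMDB rows (not real records).
const SAMPLE_CMDB = new Map([
  ['APP-10001', 'grp-payments-secops'],
  ['APP-10002', 'grp-identity-secops'],
]);
const sampleLookup = (key) => SAMPLE_CMDB.get(key) || null;

// Constructed descriptions: clean hit, repeated key, two keys, unknown key, none.
const SAMPLE_DESCRIPTIONS = [
  'Finding in AWS account for APP-10002: unusual API calls',
  'APP-10001 flagged; see APP-10001 runbook',
  'Traffic between APP-10001 and APP-10002',
  'Finding for APP-99999',
  'Finding with no application tag',
];

function runSamples() {
  return SAMPLE_DESCRIPTIONS.map(
    (d) => decideAssignment(d, 'grp-aws-default', sampleLookup));
}

console.log(runSamples());
```

Inside a business rule, only the `changed: true` result should lead to a write; the other reasons are worth logging so that incidents left with the default group can be reviewed.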

Hi,

I have written a similar kind of code to what you have mentioned above, but when the first security incident is created my business rule is not triggered. When a similar kind of new security incident is created (inserted), then the BR is triggered, and the first SIR is updated with the new assignment group. I want it to automatically reassign after the SIR is created and assigned to the old group (i.e., without waiting for a second SIR to be inserted/created).

Is there any other way to achieve this requirement other than a business rule, or how else can I correct it?