How to remove all attachments

Go to solution
NikolaTesla
Tera Expert

‎05-02-2024 05:32 AM

What is the best way to remove all attachments for an incident that comes in for phishing reported through email? I try to use a business rule which runs before when category is phishing on insert and update and clicked on advanced option with a script but the business rule doesn't work when the incident for phishing comes in. It still has the attachment on the incident. 

My script 

(function executeRule(current, previous /*null when async*/) {
    // Check if there are attachments
    var attachment = new GlideRecord('sys_attachment');
    attachment.addQuery('table_name', 'incident');
    attachment.addQuery('table_sys_id', current.sys_id);
    attachment.query();
    while (attachment.next()) {
        attachment.deleteRecord(); // Delete the attachment
    }
})(current, previous);
 
thank you 
0 Helpfuls
  • 916 Views
1 ACCEPTED SOLUTION

Go to solution
Mark Manders
Mega Patron
In response to NikolaTesla

‎05-03-2024 12:38 AM

You could also check on your inbound action. You inbound action has a trigger. If that is a trigger you can easily use, you can also delete the attachments from the sys_email_attachment table before creating the incident, so they will never be copied to the incident at all. You will just have to add that part to your inbound action (if phishing: find attachments to this email (sys_email record) and delete -> create incident).


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Mark Manders
Mega Patron

‎05-02-2024 06:02 AM

How are these coming in? Via email, or via the portal?

It could have to do with timing of when the attachments are created. Next to that: you have a before rule that tries to find 'current.sys_id'. So before the record is saved to the database, you expect it to already have a sys_id? 

I understand you requirement, but the attachments are in a table that is rarely queried directly for downloading or anything like that. Why not do it with an after rule (or flow)? 
Otherwise, depending on how they get in, make sure the attachments are ignored and never created.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
NikolaTesla
Tera Expert
In response to Mark Manders

‎05-02-2024 06:07 AM

Thank you Mark.

 

They are coming in through inbound actions via email channel. 

I will give the after rule a try. Thanks again .

0 Helpfuls

Go to solution
Mark Manders
Mega Patron
In response to NikolaTesla

‎05-03-2024 12:38 AM

You could also check on your inbound action. You inbound action has a trigger. If that is a trigger you can easily use, you can also delete the attachments from the sys_email_attachment table before creating the incident, so they will never be copied to the incident at all. You will just have to add that part to your inbound action (if phishing: find attachments to this email (sys_email record) and delete -> create incident).


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

Go to solution
NikolaTesla
Tera Expert
In response to Mark Manders

‎05-06-2024 09:26 AM

Let me try this. The business rule didn't work for me. It still shows attachments. 

 

thank you Mark. 

0 Helpfuls