Scheduled script for setting state of Security Incidents from Review to Closed after 3 days

modonnell
Giga Contributor

yesterday

Hello - trying to make a scheduled job to run a script that will go through all of the Security Incidents currently in the Review state that hasn't been updated in 3 days, and set the state to Closed. The Security Incidents will already have all the required fields when setting it to Review.

 

The below script I made is not doing anything when i hit the Execute Now button, any ideas what I am doing wrong here? First time trying to write a script in SN. Thank you.

 

try {
    var grSSR = new GlideRecord('sn_si_incident');
    grSSR.addQuery("active", "true");
    grSSR.addQuery("state", "100"); // review
   
    var threeDaysAgo = new GlideDateTime();
    threeDaysAgo.addDaysUTC(-3);
    grSSR.addQuery('sys_updated_on', '<', threeDaysAgo);
    grSSR.setLimit(1); // <- this is "( 1 )" without spaces here, keeps changing to icon.
    grSSR.query();
   
    while (grSSR.next()) {
        grSSR.state = 3; // closed
        grSSR.closed_at = new GlideDateTime();
        grSSR.closed_by = grSSR.assigned_to; // Set Closed By field to the current assigned to.
        grSSR.update();
    }
} catch (e) {
    gs.error(e.message);
}
0 Helpfuls
  • 251 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

yesterday

@modonnell 

this is OOTB BR for incident closure, check the script and enhance for your table

AnkurBawiskar_0-1757435555488.png

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

yesterday

@modonnell 

Things to check in your script

1) state value is correct in comparision

2) you are using setLimit(1)  so it will try to match only 1 Record, comment that line

3) are you using correct field names for closed_at and closed_by

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Ankur Bawiskar

yesterday

@modonnell 

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Bhimashankar H
Mega Sage

yesterday

Hi @modonnell 

 

First of all, ensure you have the record in review state and has not been update for last 3 days.

 

Use below script and check the potential records that will update

 

(function() {
  try {
    // Compute threshold: 3 calendar days ago (UTC)
    var threeDaysAgo = new GlideDateTime();
    threeDaysAgo.addDaysUTC(-3);

    // Validate state values for SIR
    // Common mapping (verify in your instance):
    // Review (e.g., 100), Closed (e.g., 3). Change to match sn_si_incident dictionary.
    var STATE_REVIEW = '100';
    var STATE_CLOSED = '3';

    // Query reviews older than 3 days and still active
    var gr = new GlideRecord('sn_si_incident');
    gr.addActiveQuery();
    gr.addQuery('state', STATE_REVIEW);
    gr.addQuery('sys_updated_on', '<', threeDaysAgo);
    gr.query();

    var matched = 0, closed = 0;
    while (gr.next()) {
      matched++;

      // Populate mandatory closure fields for SIR (adjust to your dictionary)
      // If Close code/notes are required, set them before closing.
      if (!gr.getValue('close_code')) gr.setValue('close_code', 'Resolved'); // adjust valid choice
      if (!gr.getValue('close_notes')) gr.setValue('close_notes', 'Auto-closed after 3 days in Review state.');

      // Set Closed At/By if business logic expects them
      gr.setValue('closed_at', new GlideDateTime());
      // If you want the assignee to be the closer; otherwise use a dedicated integration user
      gr.setValue('closed_by', gr.getValue('assigned_to') || gs.getUserID());

      // Close the record
      gr.setValue('state', STATE_CLOSED);
      gr.setValue('active', false);

      var sysId = gr.getUniqueValue();
      var res = gr.update();
      if (res) {
        closed++;
        gs.info('Closed SIR: ' + gr.getDisplayValue('number') + ' (' + sysId + ')');
      } else {
        gs.warn('Update failed for SIR: ' + gr.getDisplayValue('number') + ' (' + sysId + ')');
      }
    }
    gs.info('Security Incidents matched: ' + matched + ', closed: ' + closed);
  } catch (e) {
    gs.error('SIR auto-close error: ' + e.message);
  }
})();

 

You also need to set the value for close code and close notes.

Try this this script in background for only one record and it will show all the info messages.

 

 

Thanks,
Bhimashankar H

 

-------------------------------------------------------------------------------------------------
If my response points you in the right directions, please consider marking it as 'Helpful' & 'Correct'. Thanks!

 

0 Helpfuls