findIncidentsWithIndicator
This Script is part of the Common Scripts Pack.#
Looks up incidents with a specified indicator. Uses currentIncidentId to omit the existing incident from output.
Permissions#
This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: For Cortex XSOAR 6, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations for Cortex XSOAR 8 Cloud, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script for Cortex XSOAR 8 On-prem, see the https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script.
Script Data#
| Name | Description |
|---|---|
| Script Type | javascript |
| Tags | Utility |
Inputs#
| Argument Name | Description |
|---|---|
| indicator | The indicator to search for. |
Outputs#
| Path | Description | Type |
|---|---|---|
| IncidentsWithIndicator.Indicator | The indicator that was found in other incidents. | Unknown |
| IncidentsWithIndicator.incidentIDs | The incident IDs that the indicator was found in. | Unknown |