automation-AddEvidence.yml

args:
- default: true
  defaultValue: ${lastCompletedTaskEntries}
  description: Entry IDs to add its output to Evidence Board
  name: entryIDs
  required: true
- deprecated: true
  description: Description to add to Evidence Board
  name: desc
- description: Description to add to Evidence Board
  name: description
- description: 'Occurred time of the evidence (time format: 2008-01-02T15:04:05)'
  name: occurred
- description: Evidence tags
  name: tags
comment: |
  Adds provided entries to the incident Evidence Board. In playbook, can be positioned after a task to add the previous task's entries to Evidence Board automatically (with no need to provide arguments)
commonfields:
  id: AddEvidence
  version: -1
enabled: true
name: AddEvidence
runonce: false
script: |-
  if (!args.entryIDs) {
      throw 'Missing argument values for command AddEvidenceJS are : entryIDs';
  }
  var entryIDs = args.entryIDs;
  var entryTags = args.tags;
  var desc = (args.description) ? args.description : args.desc ? args.desc : 'Evidence added by DBot';
  entryIDs = (Array.isArray(entryIDs)) ? entryIDs : [entryIDs];
  entryTags = (Array.isArray(entryTags)) ? entryTags.join(',') : entryTags;

  for (var i=0;i<entryIDs.length;i++) {
      var entryID = entryIDs[i];
      entries = executeCommand('getEntry', {'id': entryID});
      if (isValidRes(entries)) {
          for (var j=0;j<entries.length;j++){
              var ent=entries[j];
              var obj = { 'id': entryID, 'description': desc};
              if (args.occurred) {
                obj.when = args.occurred;
              }
              if (entryTags) {
                obj.tags = entryTags;
              }
              var res = executeCommand('markAsEvidence', obj);
              if (!isValidRes(res)) {
                  return res;
              }
          }
      } else {
          return entries;
      }

  }

  return "Entry ID " + entryIDs + " added to evidence";
scripttarget: 0
system: true
tags:
- Utility
type: javascript