# Change this value to reflect who will be the owner of the incident before running the script.\ newIncidentOwner = "" # The new incident owner - the email address of a user or the name of a group and cannot be blank. For example, to change the owner to locate line 8 of the script:
You need to edit the script to add a Resilient user as the owner. In the provided script, this value is left blank. New incidents need an owner - either an individual identified by their email address or a group name. It is also available from the IBM Knowledge Center at: …. This guide is available from the Help/Contact menu in the Resilient platform. Refer to the Resilient Incident Response Platform Playbook Designer Guide for details on writing and customizing scripts. To run the script, you must have a mailbox connection to retrieve email messages from an email server, and you run it from a rule with an Email Message as the Object Type.
Adds the email message's subject as an artifact to the new incident.Associates the email message with the new incident.Creates a new incident with a suitable title.If so, it associates the email message with the existing incident.Checks if an existing incident exists whose title reflects the email message received.The script is intended to perform email parsing on email message objects.
If upgrading to V32.2, any existing Organizations and subsequently created Organizations will have a new script. V32.2 of the Resilient platform contains an out-of-the-box Python script called "Sample script: process inbound email (v32.2)". Resilient example email message parsing script