Add a comment to a case to document findings, actions, or recommendations. Use it to maintain an audit trail during investigations. Requires CASE_ID and comment text.
Install with Tessl CLI:

```
npx tessl i github:dandye/ai-runbooks --skill document-in-case
```
Add a standardized comment to a case to document findings, actions taken, or recommendations.
- CASE_ID - The SOAR case ID to add the comment to
- COMMENT_TEXT - The full text of the comment to be added
- ALERT_GROUP_IDENTIFIERS - Alert group identifiers if required

```
secops-soar.post_case_comment(
case_id=CASE_ID,
comment=COMMENT_TEXT,
alert_group_identifiers=ALERT_GROUP_IDENTIFIERS // if provided
)
```

Check the API response to confirm the comment was posted successfully.

| Output | Description |
|---|---|
| COMMENT_POST_STATUS | Success/failure status of the comment posting |

Enrichment Summary:

```
IOC Enrichment for [IOC_VALUE] ([IOC_TYPE]):
- GTI Reputation: [score/classification]
- SIEM Activity: [first/last seen, alert count]
- IOC Match: [Yes/No]
- Assessment: [Low/Medium/High risk]
- Recommendation: [next steps]
```

Triage Decision:

```
Alert Triage Complete:
- Classification: [FP/BTP/TP/Suspicious]
- Key Findings: [summary]
- Rationale: [why this classification]
- Action Taken: [closed/escalated]
```

Investigation Update:

```
Investigation Update [timestamp]:
- Actions Completed: [list]
- Findings: [summary]
- Next Steps: [planned actions]
```
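
An added example, not part of the skill itself: a Python sketch that fills the Triage Decision template and assembles the arguments for the `post_case_comment` step, rejecting empty fields and leftover `[placeholder]` slots before anything reaches the case record. The function names and the request dictionary are assumptions for illustration; only the three parameter names and the template text come from this page.

```python
import re

# Classifications and actions listed in the page's Triage Decision template.
TRIAGE_CLASSES = {"FP", "BTP", "TP", "Suspicious"}
TRIAGE_ACTIONS = {"closed", "escalated"}
# An unfilled slot such as "[summary]" or "[IOC_VALUE]". A defanged indicator
# like "evil[.]example" does not match, because the bracket must open on a letter.
PLACEHOLDER = re.compile(r"\[[A-Za-z][A-Za-z /_,-]*\]")


def one_line(value, name):
    """Collapse whitespace so a field cannot add forged template lines."""
    text = " ".join(str(value).split())
    if not text:
        raise ValueError(f"{name} is empty")
    return text


def render_triage_comment(classification, key_findings, rationale, action_taken):
    """Fill the Triage Decision template (hypothetical helper)."""
    if classification not in TRIAGE_CLASSES:
        raise ValueError(f"unknown classification: {classification!r}")
    if action_taken not in TRIAGE_ACTIONS:
        raise ValueError(f"unknown action: {action_taken!r}")
    return "\n".join([
        "Alert Triage Complete:",
        f"- Classification: {classification}",
        f"- Key Findings: {one_line(key_findings, 'Key Findings')}",
        f"- Rationale: {one_line(rationale, 'Rationale')}",
        f"- Action Taken: {action_taken}",
    ])


def build_comment_request(case_id, comment_text, alert_group_identifiers=None):
    """Validate inputs and build the post_case_comment arguments (hypothetical)."""
    case_id = str(case_id).strip()
    if not case_id:
        raise ValueError("CASE_ID is required")
    if not comment_text or not comment_text.strip():
        raise ValueError("COMMENT_TEXT is required")
    leftover = PLACEHOLDER.findall(comment_text)
    if leftover:
        raise ValueError(f"unfilled template placeholders: {leftover}")
    request = {"case_id": case_id, "comment": comment_text}
    if alert_group_identifiers:  # sent only when provided, as in the step above
        request["alert_group_identifiers"] = list(alert_group_identifiers)
    return request
```
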