Configure Custom Case and Incident Management Data Mappings

because teds relies on the most common attributes for a given object type, such as alerts, there are vendor specific fields that are not mapped in teds objects in order to map these fields to case and incident management (cim) records, you will need to use the soc extract raw alert fields to cim playbook to pluck values from the raw alert object included in the teds object and record, and write those values to fields you have created in the cim application there are two ways to do this option 1 discrete mappings (native transformations) for each vendor specific field you wish to add to cim create a new field of the appropriate type in the cim application edit the extract raw alert fields to cim playbook edit the extract fields action and, for each field you wish to extract to cim create a transformation block use the get value by key transformation to extract the data from the raw alert body for property, select the evaluate raw alert > raw alert playbook data add your created fields into the write to cim record action under update fields and map the appropriate transformation values for each field option 2 bulk mappings (advanced transformations) create fields of the appropriate types in the cim application https //docs swimlane com/case and incident management application to store your mappings create an advanced transformation block in the extract fields action create a json object that follows the format "key name" actions evaluate raw alert result raw alert 'key name' for each key you wish to map to the cim record map this object as a playbook property to write to cim record > update fields case and incident management data mappings walk through