addDefaultValues

A Workflow Engine function that adds a set of default values to custom_info based on a payload map.

You can use this function as part of an Alert Enrichment engine, where it precedes any dynamic enrichment. The map can contain plain text, substitutions (for example, $severity, $custom_info.a.b.c.d) and complex objects (for example, { “country” : “Unknown”, “city” : “Unknown” }). See Payload Maps to learn how to define maps.

This function is available as a feature of the Workflow Engine v1.2 download and later.

This function is available for event, alert, enrichment, and Situation workflows. At alert level this function can either run in an Event Workflow Engine, or an Alert Workflow Engine, the choice of which depends on what else happens to the data (for example, whether it is further added to, or overwritten), and if custom_info is de-duplicated as part of the alert creation process (by default it is not).

The workflow sweep up filter applies to this function.

Back to Workflow Engine Functions Reference.Workflow Engine Functions Reference

Arguments

Workflow Engine function addDefaultValues takes the following arguments:

Name

Required

Type

Description

mapName

Yes

String

Name of the map defined in the PayloadMaps integration.

key

Yes

String

Destination custom_info location.

Example

The following example demonstrates typical use of Workflow Engine function addDefaultValues.

You have created a payload map called "Default Enrichment". You can now create a workflow to add the resulting map to a CEvent object before enrichment takes place (ensuring that the object has a set of populated values). To hold your enrichment data in custom_info.enrichment.myCMDB, set the following:

  • mapName: DefaultEnrichment

  • key: custom_info.enrichment.myCMDB

The UI translates your settings to the following JSON:

{"mapName":"DefaultEnrichment","key":"custom_info.enrichment.myCMDB"}

Note

This function does not store the resulting map in workflowContext, and so the result of this action is not available to subsequent actions.