Template Language for Action Center

Template Language

Template language allows you to automatically add attribute values for each of your selected assets or queries without having to manually enter them. For example, if you are submitting tickets for six Device assets, you can incorporate the tag {{device.hostname}} in your description so that the hostname of each Device is included in its respective ticket.

Let's breakdown the structure of a template tag to gain a better understanding of it

Brackets and Separators

There are two important syntax rules to keep in mind when constructing a template tag:

  • All template tags must begin and end with two brackets ({{}}).
  • Separators (.) must be used to differentiate between the different data components that make up a template tag.


Namespaces tell the Sevco platform the data type associated with your template tag. There are currently two namespace options:

  • device – allows you to include Device attributes in your template tag
  • user – allows you to include User attributes in your template tag
  • query – allows you to include information about the query you've run in your template tag


Attributes are unified asset attributes in Sevco with values that you would like your template tag to generate.

  • Attributes always follow a namespace in the template tag format. For example: If Device is your namespace and hostname is your attribute, your template tag will be {{device.hostname}}.
  • Please note that additional syntax is needed to display attribute values from specific sources. We will review this in the following section

Source Asset Attributes

Source Asset Attributes are like unified Attributes, except they are reported directly from a specific Source. They follow a similar template tag structure, with two additional syntax items added:

  • source_assets – this syntax should always come after your namespace and tells the system that you will be pulling data from a specific Source.
  • source_name – this syntax should be replaced with the name of the Source you would like to pull attribute data from.

Template tags for Source asset attributes use the following format:


If we would like to list the Crowdstrike agent version for a Device asset, our template tag should look like this:


Applying a Template Tag

As you begin typing, the Sevco platform will automatically populate syntax for each portion of your template tag.

After you enter your first set of brackets ({{) you will be prompted to choose between the device or user (depending on which Live Inventory page you are on) and query namespace.

Once you have selected a namespace, you will be provided with a list of possible unified and source asset attributes to finish populating your tag. Here are some tips for constructing a tag:

  • Make sure to include a separator (.) after your namespace. Otherwise the list will not populate
  • While the query attribute list is fairly short, you will want to type out the name of the attribute you would like to include in your tag to filter down the list.
  • For source asset attributes, type the source_assets. followed by the Source Name that your attribute falls under (i.e. {{device.source_assets.crowdstrike}}).

Query Template Tags

Unlike template tags for assets, which provide information about the assets in your queries, template tags for queries report information about the query itself. Because Sevco incidents create a separate ticket for each asset selected from a query, the value of a template tag for an asset will change depending on the asset corresponding to a ticket. Conversely, template tags values for queries will remain the same across all tickets created from an incident, as it is reporting on the query as a whole.

There are two query template tags that can be applied to an incident:

  • {{query.total}} – populates the total number of assets in your query
  • {{query.web_link}} – provides a link to the query you ran. Logged-in users with the link will be able to view the query from the Live Inventory page