Use the setAlert script to set and update all system alert fields.
Creating alert fields is an iterative process in which you create fields as you better understand your needs and the information available in the third-party integrations you use. You initially define alert fields after the planning stage, with mapping and classification for how the alerts will be ingested from third-party integrations into Cortex XSIAM. However, during the investigation you can also set and update alert fields using the setAlert script in a playbook task.
Note
The setAlert script includes all available fields; use the scroll bar to see all the fields.
There are many fields already available as part of the Common Type content pack. Before creating a new alert field, check if there is an existing field that matches your needs.