You can create custom incident domains to help you to differentiate between your work efforts, and effectively manage and prioritize your workload.
Warning
Before you add a custom domain, please review the built-in options. For more information, see Incident and alert domains.
We recommend using the built-in domains where possible. Custom domains might not be supported by all content. In addition, custom domains affect Cortex XSIAM’s ability to learn, correctly identify, and score future incidents.
In addition, alert grouping and Smartscore are only supported for the Security domain.
Custom domains help you to differentiate between your work efforts. You can create tailored workflows for each domain, so that you can effectively manage and prioritize your workload.
Note
Adding custom domains requires a View/Edit RBAC permission for Incident Properties (under Object Setup).
Once created, a custom incident domain cannot be deleted or renamed.
Go to → → → .
The existing domains are listed.
Click + New Domain.
Assign a name and color to the domain, and an optional description.
In the Status field, select one or more statuses that are relevant to the domain. These statuses will be available for selection in the incidents and alerts associated with this domain.
In the Resolution Type field, select one or more resolution reasons that are relevant to the domain. These reasons will be available for selection in the incidents and alerts associated with this domain.
Click Save.
(Optional) Update SBAC permissions to enable access to the domain.
Go to → → or and update the Scope to include the tag for the new domain.