Delete context data from an incident - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-06-18
Category
Administrator Guide
Abstract

You can delete context data from an incident by running a command in the Incident War Room or the alert War Room.

Run the !deleteParentIncidentContext command to delete all context data or a specific key in the Incident War Room or alert War Room.

Use the alert War Room
  1. Identify an alert and click Investigate_icon.png to Investigate the alert.

  2. In the alert investigation panel, select the War Room tab.

  3. Run the !deleteParentIncidentContext command.

Use the Incident War Room
  1. In the incident investigation panel, select the Incident War Room tab.

  2. Run the !deleteParentIncidentContext command.

Example 29. Example

The following example deletes the key and value hello:world from the incident or alert context.

!deleteParentIncidentContext key="hello" value="world"