Update alert fields - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide

Abstract: Use a playbook, script, or command to update incident fields.

You can update alert fields by running the setAlert command in the CLI, in a script, or in a playbook task.

The following section explains how to update incident fields by running a command in the CLI.

Run the !setAlert command in the alert War Room.

When you start typing, the CLI provides the available options. If you select an enum field, the CLI provides the available values.

Examples
  • To change the alert severity to high, run

    !setAlert severity=high
  • To change the alert severity to high and star the alert, run

    !setAlert severity=High starred=true