In Cortex XSOAR, the default term used for a security incident is
incident. You can change the term that is used for security incidents from a predefined list of options. This term displays in reports, menus, tables, and commands (local and server) in Cortex XSOAR.
When you change the display name of a security incident, the following commands are deprecated and are replaced with commands with the new name:
For example, if you change the security incident name to
setIncident command appears as
setIncident (Deprecated) and the
setCase command replaces it. You can still use the deprecated command but we recommend replacing the command for clarity.
The term you select does not change the display name for content-related items, such as playbooks, integrations, scripts, dashboards, or the API.
(Multi-Tenant) When changing the display name of security incidents, the URL link which contains
/incident may not work properly. For example, when changing the incident to case, sometimes the links are formed with the
/incident URL and not with the
/case URL. This can usually be corrected by clearing the browser cache and reloading the page.
Navigate to→ → .
In the Server Configuration section, click Add Server Configuration.
In the Key field type
In the Value field enter the value for the term. In the following table, the Command column displays the correct command to use.
Restart the server.