Communication Tasks

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.10
Creation date: 2022-10-13
Last date published: 2024-03-28
End_of_Life: EoL
Category: Administrator Guide

Abstract: Communication tasks in Cortex XSOAR playbooks enable you to send surveys and collect data.

Communication tasks enable you to send surveys to internal and external users to collect data for an incident. The collected data can be used for incident analysis and as input for subsequent playbook tasks. For example, you may want to send a scheduled survey requesting analysts to send specific incident updates, or send a single-question (standalone) survey to determine how an issue was handled.

To allow users outside the Cortex XSOAR server network to access the communication task link, you need to configure access to the communication task through an engine.

Ask Tasks

The Ask conditional task is a single-question survey, the answer to which determines how a playbook proceeds. If you send the survey to multiple users, the first answer received is used, and subsequent responses are disregarded.

Users interact with the survey directly from the message: the question appears in the message, and they click an answer in the message.

The survey question and the first response are recorded in the incident's context data. This enables you to use the response as input for subsequent playbook tasks.

Because it is a conditional task, you need to create a condition for each of the answers. For example, if the survey answers include Yes, No, and Maybe, there should be a corresponding condition (path) in the playbook for each of these answers.

For all Ask tasks, a link is generated for each possible answer the recipient can select. If the survey is sent to more than one user, a unique link is created for each possible answer for each individual recipient. By default, these links are hidden. To make the links available in the context data, add the comm.ask.linktocontext.enabled server configuration and set it to true. The links appear under Ask.Links in the context data.

Data Collection Tasks

The Data Collection task is a multi-question survey (form) that survey recipients access from a link in the message. The survey resides on an external site that does not require authentication, thereby allowing survey recipients to respond without restriction.

All responses are collected and recorded in the incident's context data, whether you receive responses from a single user or multiple users. This enables you to use the survey questions and answers as input for subsequent playbook tasks.

The following are examples of integrations that can use Data Collection tasks:

  • Email (EWS, Mail Sender, etc.)

  • Microsoft Teams

  • Slack

Note

You can collect responses in custom fields, for example, a Grid field.

For all Data Collection tasks, a single link is generated for each recipient of the survey. The links are available in the context data if the comm.datacollection.linktocontext.enabled server configuration is set to true. The links appear in the context data under the Links section of that survey.