Creating incident fields is an iterative process in which you create fields as you better understand your needs and the information available in the third-party integrations you use. You initially define incident fields after the planning stage, with mapping and classification for how the incidents will be ingested from third-party integrations into Cortex XSOAR. However, during the investigation you can also set and update incident fields using the setIncident automation in a playbook task.
Note
The setIncident automation includes all available fields; use the scroll bar to see all the fields.
There are many fields already available as part of the Common Type content pack. Before creating a new incident field, check if there is an existing field that matches your needs.
Additional Resources