Create the Read-Only Incident Type and Layout - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Create a special incident type that enables self-service read-only users to view incident data in Cortex XSOAR.

  1. Go to SettingsOBJECTS SETUPIncidentsTypes.

  2. Create an Incident Type for the self-service read-only user. Be sure to configure the playbook to run automatically.

  3. Select the Incident Type and click Edit Layouts.

  4. Create a new incident tab dedicated to self-service read-only users.

  5. Hover over the tab you want the self-service read-only user to view and click the gear icon.

  6. Click Viewing Permissions.

  7. In the Viewing Permissions window, select the Permit users with no roles to view this tab option.

  8. Customize this incident tab to only include widgets with data read-only users can access. Such information can be Case Details, Timeline Information, Attachments, and War Room entries.

  9. Test and validate this incident tab layout as a self-service read-only user to ensure it displays correctly and without an insufficient permission error message.