Incidents - Administrator Guide - EoL - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-07-14
Category
Administrator Guide
End of Life > EoL
Abstract

Manage and investigate incidents in Cortex XSOAR.

Incidents are potential security data threats that SOC administrators identify and remediate. There are several incident triggers, including:

  • SIEM alerts

  • Mail alerts

  • Security alerts from third-party services, such as SIEM, mail boxes, and data in CSV format.

Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields, as necessary.

In this section you can do the following:

  • Customize incidents, including incident type, fields and layouts

  • Set up de-duplication including pre-process rules

  • Set up post processing

  • How to control access for incidents

  • Configure classifiers and mappers

  • Customize close reasons

For daily incident tasks, such as investigating an incident, and creating an incident, see Incident Management.