Manage and investigate incidents in Cortex XSOAR.
Incidents are potential security threats that SOC administrators identify and remediate. Incidents can be triggered from several sources, including:
SIEM alerts
Mail alerts
Security alerts and data from third-party services and sources, such as SIEMs, mailboxes, and CSV files.
Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields as needed.
In this section you can do the following:
Customize incidents, including incident types, fields, and layouts
Set up de-duplication, including pre-processing rules
Set up post-processing
Control access to incidents
Configure classifiers and mappers
Customize close reasons
For daily incident tasks, such as creating and investigating incidents, see Incident Management.