Restrict an Investigation - Administrator Guide - 6.10 - Cortex XSOAR - Cortex

Restrict an Investigation - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product

Cortex XSOAR

Version

6.10

Creation date

2022-10-13

Last date published

2023-11-28

Category

Administrator Guide

You can restrict an investigation to the incident owner and the team associated with the investigation.

Do one of the following:
- Open the incident and select Actions → Restrict incident.
  To remove the restriction select Actions → Permit incident.
- In the CLI, type /investigation_restrict id= id_ number
(Optional) For Automation do the following:
- Use the restrictInvestigation command in a playbook.
- Specify the incident ID of the incident for which you want to restrict access.
- Set the Restrict argument to True to restrict the incident.
- Set the Restrict argument to False to remove restricted from the incident.