Shift Management - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Shift management helps you define multiple shifts within Cortex XSOAR. Each shift can be assigned to a user role so you are able to assign one or more analysts across different shifts.

You can do the following:

  • Enable incidents to be routed automatically to analysts based on shifts, workload, and machine learning recommendations, ensuring full staff coverage for incoming incidents.

  • Define multiple shifts, which can be added to a role, and in turn assigned to a user. To manage shift periods for users, see Managing Shifts.

  • Automatically route incidents to analysts based on shifts, workload, and machine learning recommendations in playbooks and automations. For example, the AssignAnalystToIncident automation, automatically assigns the incident based on who is on call and who is active (not set to away).

After assigning the role to users, Cortex XSOAR recommends who to assign incidents. When assigning an analyst to an incident, these shifts can be taken into account.


If you want to consider on-call users only, run the getOwnerSuggestions command.