Restrict an Investigation - Restrict a Cortex XSOAR investigation to the incident owner and the team associated with the investigation. - Administrator Guide - 6.13 - Cortex XSOAR - Cortex

Restrict an Investigation - Restrict a Cortex XSOAR investigation to the incident owner and the team associated with the investigation. - Administrator Guide - 6.13 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product

Cortex XSOAR

Version

6.13

Creation date

2024-04-15

Last date published

2025-10-27

Category

Administrator Guide

Abstract

Restrict a Cortex XSOAR investigation to the incident owner and the team associated with the investigation.

You can restrict an investigation to the incident owner and the team associated with the investigation.

Do one of the following:
- Open the incident and select Actions → Restrict incident.
  To remove the restriction select Actions → Permit incident.
- In the CLI, type /investigation_restrict id= id_ number
(Optional) For Automation do the following:
- Use the restrictInvestigation command in a playbook.
- Specify the incident ID of the incident for which you want to restrict access.
- Set the Restrict argument to True to restrict the incident.
- Set the Restrict argument to False to remove restricted from the incident.