Create an SLA Field - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-11-12
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create new SLA or timer and add SLA script to trigger when SLA time has passed using SLA and Timer fields.

By default, the system comes with several SLA and Timer fields.

The SLA fields count down the time remaining, while as a timer field it serves as a counter, counting the time that has elapsed since started. In the event that no SLA is defined, the SLA fields serve as a counter.

  1. Navigate to SettingsOBJECTS SETUPIncidentsIncident Fields.

  2. Click +New Field.

  3. Under Field Type field, select Timer/SLA.

  4. Enter a name and optional tooltip for the field.

  5. Define a duration for the SLA of this field. If no value is entered, the field serves as a counter.

    By default, the SLA field shows hours and minutes. You can change this to days and hours, by clicking Hours.

  6. Determine the risk threshold for this timer. When the timer falls below this threshold, it is considered at risk. By default, the threshold is 3 days, which is defined in the global system parameter.

  7. Under Run on SLA Breach, select the script to run when the SLA time has passed. For example, email the supervisor or change the assignee.

    Only scripts to which you have added the SLA tag will appear in list of scripts that you can select.

    SLA_Field.png
  8. Click Save.