Abstract
Restrict a Cortex XSOAR investigation to the incident owner and the team associated with the investigation.
You can restrict an investigation to the incident owner and the team associated with the investigation.
Do one of the following:
Open the incident and select
→ .To remove the restriction select
→ .In the CLI, type
/investigation_restrict id=
id_ number
(Optional) For Automation do the following:
Use the
restrictInvestigation
command in a playbook.Specify the incident ID of the incident for which you want to restrict access.
Set the
Restrict
argument toTrue
to restrict the incident.Set the
Restrict
argument toFalse
to remove restricted from the incident.