Work with Incidents

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Configure tabs and scripts for the Cortex XSOAR Enterprise mobile app. View incident summaries, War Room chats, complete tasks, and add tabs.

View all the incidents according to your selected filter.

When customizing incident layouts in the Cortex XSOAR web app, you can decide which tabs appear in the mobile app by selecting the "Show this tab on Cortex XSOAR mobile app if role allows" checkbox. Only mobile-supported tabs have this checkbox (for example, the Work Plan and Evidence tabs do not have the checkbox and will not appear in the mobile app). By default, all mobile-supported tabs have the checkbox selected. When you add new tabs, you can also select whether they can be viewed in the mobile app.

When you select the "Show this tab on Cortex XSOAR mobile app if role allows" checkbox, you also have the option to hide the tab on the web, which is useful if you want to add mobile-specific functionality.

If you want to run commands in the mobile app, such as escalation or enrichment, you need to add a script button to the tab when customizing incident layouts in the web app. A button is useful when you run War Room commands or other custom actions in the mobile app. When you tap the button you created, a message appears in the mobile app showing whether it was successful. The results can be viewed in the War Room (web only).


You can view the following tabs:

  • Summary

    The incident summary supports a limited number of sections and fields. If you want to create a custom incident summary layout for the mobile app, you need to customize incident layouts in the web app.
  • War Room Chat

    You can view, send, and receive messages, and upload and download files and attachments.
  • Tasks

    You can assign analysts to the task, choose options to complete the task, and manually mark the task as complete.

    To perform an action on the incident, tap the icon (mobile-icon2.png). Supported incident actions include:

    • Assign an analyst to the incident

    • Change the incident severity

    • Change the incident type

    • Close the incident