Add a Cortex XSOAR server configuration to change the name of security incidents from ‘incident’ to another term - cases, issues, etc.
In Cortex XSOAR, the default term used for a security incident is incident. You can change the term that is used for security incidents from a predefined list of options. This term displays in reports, menus, tables, and commands (local and server) in Cortex XSOAR.
When you change the display name of a security incident, the following commands are deprecated and are replaced with commands with the new name:
associateIndicatorstoIncidentassociateIndicatortoIncidentcreateNewIncidentslinkIncidentsrelatedIncidentssetIncidentunAssociateIndicatorstoIncidentunAssociateIndicatortoIncident
For example, if you change the security incident name to Cases, the setIncident command appears as setIncident (Deprecated) and the setCase command replaces it. You can still use the deprecated command but we recommend replacing the command for clarity.
The term you select does not change the display name for content-related items, such as playbooks, integrations, scripts, dashboards, or the API.
Note
(Multi-Tenant) When changing the display name of security incidents, the URL link which contains /incident may not work properly. For example, when changing the incident to case, sometimes the links are formed with the/incident URL and not with the /case URL. This can usually be corrected by clearing the browser cache and reloading the page.
Navigate to → → .
In the Server Configuration section, click Add Server Configuration.
In the Key field type
UI.term.incident.In the Value field enter the value for the term. In the following table, the Command column displays the correct command to use.
Value
Term
Command
0
Incidents (default)
setIncident1
Cases
setCase2
Alerts
setAlert3
Events
setEvent4
Plays
setPlay5
Tickets
setTicket6
Issues
setIssueRestart the server.