Configure Incident Fields for Related Incidents - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Configure incident fields for related incidents by adding a server configuration for an allow or ignore list in Cortex XSOAR.

You can configure an allow list or an ignore list for which incident fields to use for related incidents. If you define an allow list, related incidents only use specified fields for calculation. If you define an ignore list, related incidents are calculated without the specified fields.

  1. Select SettingsAboutTroubleshootingAdd Server Configuration.

  2. Add the following keys and values:

    List type

    Key

    Value

    Allow list

    incident.metadata.whitelist

    A comma-separated list of fields to add to the allow list.

    Ignore list

    incident.metadata.ignore.list

    A comma-separated list to exclude from related incidents.