Create Incident Fields in a Playbook

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.9
Creation date: 2022-09-29
Last date published: 2024-11-20
End_of_Life: EoL
Category: Administrator Guide
Abstract

Use the setIncident automation to set and update all system incident fields.

Creating incident fields is an iterative process: you add fields as you better understand your needs and the information available from the third-party integrations you use. You initially define incident fields after the planning stage, together with the mapping and classification that determine how incidents are ingested from third-party integrations into Cortex XSOAR. During an investigation, you can also set and update incident fields by using the setIncident automation in a playbook task.


Note

  • The setIncident automation includes all available fields; use the scroll bar to see all the fields.

  • There are many fields already available as part of the Common Type content pack. Before creating a new incident field, check if there is an existing field that matches your needs.
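As an added illustration (not taken from the original guide or from Palo Alto Networks content), this is how a playbook task that calls setIncident can look in exported playbook YAML. The playbook name, task IDs, and argument values are constructed placeholders; `severity` and `details` are system incident fields.

```yaml
# Constructed example: playbook name, task ids and argument values are placeholders.
id: example-set-incident-fields
version: -1
name: Example - Set Incident Fields
starttaskid: "0"
tasks:
  "0":
    id: "0"
    taskid: 00000000-0000-0000-0000-000000000000
    type: start
    task:
      id: 00000000-0000-0000-0000-000000000000
      version: -1
      name: ""
      iscommand: false
      brand: ""
    nexttasks:
      '#none#':
      - "1"
  "1":
    id: "1"
    taskid: 00000000-0000-0000-0000-000000000001
    type: regular
    task:
      id: 00000000-0000-0000-0000-000000000001
      version: -1
      name: Raise severity and record triage notes
      # Built-in automation that sets or updates incident fields
      script: Builtin|||setIncident
      type: regular
      iscommand: true
      brand: Builtin
    scriptarguments:
      # Each argument is an incident field; only the fields listed here change.
      severity:
        simple: "3"   # 3 = High
      details:
        simple: "Escalated after enrichment, see War Room entries for evidence."
```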
