Incidents - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.9
Creation date: 2022-09-29
Last date published: 2024-12-05
End of Life: EoL
Category: Administrator Guide
Abstract

Manage and investigate incidents in Cortex XSOAR.

Incidents are potential security threats that SOC administrators identify and remediate. An incident can be triggered in several ways, including:

  • SIEM alerts

  • Mail alerts

  • Security alerts from third-party services, such as SIEM products, mailboxes, and data in CSV format.

Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields, as necessary.

In this section you can do the following:

  • Customize incidents, including incident types, fields, and layouts

  • Set up de-duplication, including pre-process rules

  • Set up post-processing

  • Control access to incidents

  • Configure classifiers and mappers

  • Customize close reasons

For daily incident tasks, such as investigating an incident or creating an incident, see Incident Management.