Create Custom Fields for the Malware Investigation and Response Incident Layout

Cortex XSOAR 6.x Tutorials

Product: Cortex XSOAR
Version: 6.x
Creation date: 2022-10-13
Last date published: 2023-06-05
Category: Tutorials

Once you are familiar with the incident layout, create custom fields to add to the Malware Investigation and Response incident layout. You can view and edit all existing out-of-the-box fields in the fields table. In this tutorial, we create the following fields:

| Field Name | Field Type | Comments/Values |
| --- | --- | --- |
| XDR Tuning Required? | Boolean (checkbox) | Enables the analyst to consider whether to fine-tune a security policy (in the Case info tab and the Close tab). |
| Was a link clicked? | Boolean (checkbox) | We add this to the Case info tab and when creating or editing an incident. |
| Was there a High Value Target? | Boolean (checkbox) | We add this to the Case info tab and when creating or editing an incident. |

  1. Go to Settings > OBJECTS SETUP > Incidents > Incident Fields.

  2. Create the XDR Tuning Required field.

    1. Click New Field.

    2. In the Field Type field, select Boolean (checkbox).

    3. In the Field Name field, type the name you want to use, such as XDR Tuning Required.

    4. Click Save.

  3. Repeat for the other fields.

  4. Add the new custom fields to the layout.