Once you have customized the phishing incident type, layout, and fields, and the relevant integrations and playbooks, as described in this tutorial, your analysts are assigned phishing incidents as they come in to Cortex XSOAR. For our example, we only used manual remediation, but after reviewing a number of incoming phishing incidents, you might decide to automatically block indicators or search and delete phishing emails across your organization, for greater automation.
To view phishing incidents, go to the Incidents and search for type:Phishing. Open a phishing incident to view both the out-of-the-box sections and the sections we customized in this tutorial. Analysts who have been assigned phishing incidents will also see those incidents listed under Incidents I own in the left menu.
 |