Create Incident Fields in a Playbook

Cortex XSOAR Playbook Design Guide

Product: Cortex XSOAR
Version: 6.x
Creation date: 2023-01-19
Last date published: 2023-12-19
Category: Playbook Design Guide

Creating incident fields is an iterative process: you create fields as you better understand your needs and the information available in the third-party integrations you use. You initially define incident fields after the planning stage, along with the mapping and classification that determine how incidents are ingested from third-party integrations into Cortex XSOAR. During the investigation, you can also set and update incident fields by using the setIncident automation in a playbook task.

[Image: set-incident-playbook-automation.png]

Note

  • The setIncident automation includes all available fields; use the scroll bar to see all the fields.

  • There are many fields already available as part of the Common Type content pack. Before creating a new incident field, check if there is an existing field that matches your needs.
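
The following is an added example, not taken from the Cortex XSOAR documentation, of an automation script that sets incident fields during an investigation by calling setIncident. The verdict key, the sourceip and detectionurl field names, and the allowlist are assumptions for illustration; inside Cortex XSOAR, pass demisto.executeCommand as execute_command.

```python
# Added example: build setIncident arguments from enrichment results.
# Field names and the "verdict" key are hypothetical, not from the product docs.

# Cortex XSOAR severity scale: 1 Low, 2 Medium, 3 High, 4 Critical.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical custom fields (machine names) this playbook is allowed to write.
ALLOWED_CUSTOM_FIELDS = {"sourceip", "detectionurl"}


def build_set_incident_args(enrichment):
    """Translate enrichment output into setIncident arguments.

    Keys outside the allowlist are dropped, so data returned by a
    third-party integration cannot overwrite arbitrary incident fields.
    """
    args = {}
    verdict = str(enrichment.get("verdict", "")).lower()
    if verdict in SEVERITY:
        args["severity"] = SEVERITY[verdict]
    custom = {
        key: str(value)
        for key, value in enrichment.items()
        if key in ALLOWED_CUSTOM_FIELDS and value not in (None, "")
    }
    if custom:
        args["customFields"] = custom
    return args


def update_incident(execute_command, enrichment):
    """Call setIncident through the supplied executeCommand callable."""
    args = build_set_incident_args(enrichment)
    if not args:
        return None  # nothing valid to write, so skip the call
    execute_command("setIncident", args)
    return args


if __name__ == "__main__":
    # Constructed sample input; "owner" is not allowlisted and is ignored.
    sample = {"verdict": "High", "sourceip": "192.0.2.10", "owner": "admin"}
    calls = []
    update_incident(lambda cmd, cmd_args: calls.append((cmd, cmd_args)), sample)
    print(calls)
```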
