Customize incident close reasons - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2025-01-15
Category
Administrator Guide
Solution
On-prem
Abstract

Customize close reasons for incidents by adding a server configuration in Cortex XSOAR.

The default incident close reason values are:

  • False Positive

  • Resolved

  • Duplicate

  • Other

To customize the incident close reason, you need to add a new server configuration.

  1. Select Settings & InfoSettingsSystemServer SettingsServer ConfigurationAdd Server Configuration.

  2. Add the following key and value:

    Key

    Value

    incident.closereasons

    A comma-separated list. For example, False Positive,Resolved,Duplicate,Low Priority,Invalid,Other.