Use the Cortex XSOAR Guard Rails page to see details about service limit errors or warnings.
The Cortex XSOAR Guard Rails page provides a list of usage limitation errors and warnings that occur during incident ingestion, investigation, and response. It helps to keep your environment stable and prevent actions that can cause major performance degradation or instability.
Cortex XSOAR has service rate limits for the number of incidents and indicators that can be ingested and stored. The Guard Rails page indicates when incident or indicator size exceeds predefined service limits and may affect performance.
Cortex XSOAR Guard Rails page
The Cortex XSOAR Guard Rails page displays a table with a list of service limit errors and warnings and their details.
An error occurs when a service limit is exceeded. For example, an error can be generated for exceeding the size limit of an attachment or for exceeding the number of entries per incident.
A warning occurs when approaching the service limit. For example, a warning can be generated when the number of entries per incident is approaching the service limit or the number of linked incidents is approaching the service limit.
The service limits are defined out-of-the-box. Contact Cortex XSOAR support if you need to change the values for your service limits.
Access the Guard Rails page from Cortex XSOAR → → .
The table shows the following information:
ID: (by default hidden) The log number.
Timestamp: The date time the error or warning occurred.
Type: The object type the error or warning occurred on, for example incident or indicator.
Subtype: The object sub type (N/A if it doesn't exist), for example entries or attachments.
Severity: Whether the item is an error or a warning.
Object ID: The ID of the restricted object.
Count: The number of times a specific item occurred in the last calendar day.
Description: A short description of the error or warning.
Note
Identical messages generated within the same day are not duplicated in the table, only the Count is updated and the Timestamp shows the date time the error or warning occurred for the first time. A count greater than one indicates an identical error or warning occurred more than once within the same day.