Create a data collection task in a playbook. Multi-question survey (form), responses are recorded in incident’s context data.
The Data Collection task is a multi-question survey (form), which recipients access from a link in the message. Users do not need to log in to access the survey, which is located on a separate site.
You can include the following types of questions in the survey:
Standalone questions. These are presented to users directly in the message, and users answer directly in the message (not an external survey).
Field-based questions. These are based on a specific Cortex XSOAR field (either system or custom), for example, a grid field. The response (data) received for these fields automatically populates the field for this incident in Cortex XSOAR. For single select field based questions, the default option is taken from the field's defined default.
You can collect responses in custom fields, for example, a grid field.
Note
If responses are received from multiple users, data for multi-select fields and grid fields are aggregated. For all other field types, the response received most recently will override previous responses as it displays in the field. All responses are always available in the context data.
If the playbook was installed from a content pack, duplicate or detach the playbook, before creating a data collection task.
In a playbook, click + (Create task).
Select the Data Collection option.
Enter a meaningful name in the Task Name field for the task that corresponds to the data you are collecting.
Select the communication options you want to use to collect the data.
The Task option is selected by default. The data collection survey can be completed directly in the Workplan.
If you select Generated link, a link to the data collection survey is available in the context data of the incident.
If you select Email, enter the subject and message of the email and the email addresses of the users who should receive this message or survey.
A link to the survey is automatically placed at the bottom of the message.
Some integrations can be used to collect data for Data Collection tasks, such as Microsoft Teams and Slack. If any of these integrations are installed, it will appear as an option.
In the Questions tab, enter the questions and answer types that the survey will contain.
Note
If you select Add Question based on field, fields associated with the question will automatically take all the parameters from the field definition (for example, the placeholder value and reply options), unless configured differently. For example, you can configure user responses to populate values for incident fields. If the responses are collected in a grid field, they are concatenated with the incident context data. If the responses are collected for all other incident field types, they override the incident context data.
(Optional) To customize the look and feel of your email message, click Preview.
You can determine the color scheme and how text in the message header and body appear, as well as the appearance and text of the button the user clicks to submit the survey.
