Create an Incident Type

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-09-18
Last date published: 2024-10-31
Category: Administrator Guide
Solution: Cloud
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation

Abstract: Create and edit incident types in Cortex XSOAR.

Create an incident type specifically for an event you want Cortex XSOAR to deal with.

  1. Select Settings & Info → Settings → Object Setup → Incidents → Types → + New Incident Type.

  2. In the Settings tab, add the following parameters, as required:

    | Field | Description |
    | --- | --- |
    | Name | Enter a descriptive name for the task. Try to make this as informative as you can so readers of the playbook can know what the task does before viewing the task details. |
    | Default playbook | Select the playbook that is associated with the incident type by default. |
    | Layout | Select the incident layout for the incident type. To customize the incident layout, see Customize Incident Layouts. |
    | Run playbook automatically | Determines if the playbook runs when the event is ingested. |
    | Post Process using | Select the post process script to run on these incident types, after they have been processed. |
    | SLA | Determines the SLA for this incident type in any combination of Weeks, Days, and Hours. |
    | Set Reminder at | Optionally configure a reminder for the SLA in any combination of Weeks, Days, and Hours. |

  3. In the Indicators Extraction Rules tab, add the required indicator extraction rules.

  4. Click Save.