Customize and Configure Cortex XSOAR - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Customize and configure your Cortex XSOAR deployment.

In this section, the administrator can customize and configure the following:

  • Dashboards: Includes how to create, edit, and share a dashboard, etc.

  • Reports: Includes how to create, schedule, and edit a report, configure the timezone, etc.

  • Widgets: Includes how to create a widget from the widget builder, using a JSON file and script, etc.

  • Marketplace: Includes an overview of Marketplace and the content pack lifecycle, and how to access Marketplace, search and navigate, install contact packs, etc.

  • Incidents: Includes how to automatically de-duplicate incidents, add pre-process and post processing rules, customizing incidents, layouts, access control, etc.

    For day-to-day tasks such as investigating incidents, see Incident Management.

  • Indicators: Includes how to customize indicator types and layouts, extract indicators, configure indicator scripts and timeline, export indicators, etc.

    For day-to-day tasks, such as extracting indicators in the CLI, export indicators, add to an exclusion list, see Indicator Management.

  • Playbooks: Includes how to create tasks, debug a playbook, version control, extend context, playbook polling, etc.

  • Jobs: Includes how to create a time triggered job and a job triggered by delta in a feed, etc.

  • Lists: Includes how to use and create lists, etc.

  • SLAs: Includes how to create and manage SLAs.