Abstract
Day to day incident management in Cortex XSOAR.
After you have customized incidents and started ingesting incidents into Cortex XSOAR, you can start investigating incidents. Within Cortex XSOAR, real-time investigation is facilitated through the War Room. In the War Room, you can run real-time security actions through the CLI, complete and assign tasks, run playbooks, scripts, and commands, mark entities as evidence, execute remote actions across integrated products, and collaborate with other analysts.
The following topics describe the day-to-day incident actions in Cortex XSOAR: