Incident Management - Administrator Guide - 8 - Cortex XSOAR - Cortex

Incident Management - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product

Cortex XSOAR

Version

Creation date

2024-02-14

Last date published

2024-04-24

Category

Administrator Guide

Solution

Cloud

Abstract

Day to day incident management in Cortex XSOAR.

After you have customized incidents and started ingesting incidents into Cortex XSOAR, you can start investigating incidents. Within Cortex XSOAR, real-time investigation is facilitated through the War Room. In the War Room, you can run real-time security actions through the CLI, complete and assign tasks, run playbooks, scripts, and commands, mark entities as evidence, execute remote actions across integrated products, and collaborate with other analysts.

The following topics describe the day-to-day incident actions in Cortex XSOAR:

Create an Incident
Investigate Incidents
Link Incidents
De-Duplicate Incidents Manually
Create and Share Incident Queries
Search Incidents using SLA and Timer Fields