Incident Management - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2023-11-02
Last date published: 2024-02-28
Category: Administrator Guide
Abstract

Day-to-day incident management in Cortex XSOAR.

After you have customized incidents and started ingesting them into Cortex XSOAR, you can start investigating them. Real-time investigation in Cortex XSOAR takes place in the War Room. In the War Room, you can run real-time security actions through the CLI, complete and assign tasks, run playbooks, scripts, and commands, mark entities as evidence, execute remote actions across integrated products, and collaborate with other analysts.

The following topics describe the day-to-day incident actions in Cortex XSOAR: