Incident Tasks - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-02-21
Category
Administrator Guide
Abstract

Playbook tasks and to-do tasks are tasks users complete as part of an investigation. Add incident tasks as part of your investigation process.

Incident tasks are tasks for users to complete as part of an investigation, which are split according to the following:

  • Playbook Tasks: you can view, assign an owner, complete, and set a due date for playbook tasks that require attention.

  • To-Do Tasks: create tasks for users to complete as part of an investigation, and which are not attached to the incident's playbook. A playbook can finish running and an incident can be closed even if the incident contains open To-Do tasks.

    You can Create a To-Do Task directly from the incident Case (incident) info tab or in the To-Do Task section.

    Alternatively, you can create To-Do tasks from the command line.