Shift Management - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-25
Category: Administrator Guide
Solution: Cloud
Abstract

Shift management helps you define multiple shifts within Cortex XSOAR. Shifts are assigned to user roles and enable you to assign available analysts.

Shift management helps you define multiple shifts within Cortex XSOAR. Each shift can be assigned to a user role so you are able to assign one or more analysts across different shifts.

You can do the following:

  • Enable incidents to be routed automatically to analysts based on shifts, ensuring full staff coverage for incoming incidents.

  • Define multiple shifts, which can be added to a role, and in turn assigned to a user group.

  • Automatically reassign incidents when shifts change.

Note

To view suggestions for on-call users to assign to an incident, run the getOwnerSuggestions command with the shiftOnly=true argument. You can also view on-call users with widgets from the Shift Management content pack.

When assigning an incident, you can manually assign it to analysts who are on call, or you can use the AssignAnalystToIncident script with the argument onCall=true to automatically assign it to users who are on call and active.

Define and Assign Shifts
  1. Create a Role.

  2. In the Advanced tab, Shifts field, click Add Shift and add the required period.

    Weekly shifts start on Sunday and are specified in UTC.

    For example, create a role called First Shift and add a shift starting on Sunday and ending Monday.

  3. Save the role.

  4. Create a user group and assign the shift role to the user group.

  5. Assign one or more users to the user group.

  6. (Optional) We recommend installing the Shift Management content pack. This content pack includes widgets that let you view Roles Per Shift, Users On-Call, etc. in a dashboard, as well as playbooks and scripts for assigning incidents to on-call users.
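Because shifts are entered as UTC offsets within a week that starts on Sunday, a planned schedule can be checked for uncovered hours before it is entered in the Shifts field. The following is an added example, not part of Cortex XSOAR or the Shift Management content pack; the role names other than First Shift, the (start, end) tuple layout and all function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

WEEK = 7 * 1440  # minutes in a week
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]  # week starts on Sunday

def week_minute(day, hhmm):
    """Minutes since Sunday 00:00 UTC for a day name and an 'HH:MM' string."""
    h, m = map(int, hhmm.split(":"))
    return DAYS.index(day) * 1440 + h * 60 + m

def to_week_minute(ts):
    """Convert a timezone-aware datetime to its minute offset in the UTC week."""
    u = ts.astimezone(timezone.utc)
    # datetime.weekday() is Monday=0 .. Sunday=6; rotate so that Sunday=0
    return ((u.weekday() + 1) % 7) * 1440 + u.hour * 60 + u.minute

def covers(shift, minute):
    """True if (start, end) contains the minute; end is exclusive."""
    start, end = shift
    if start <= end:
        return start <= minute < end
    return minute >= start or minute < end  # shift wraps Saturday -> Sunday

def on_shift(roles, ts):
    """Names of the roles whose shifts include the given moment."""
    m = to_week_minute(ts)
    return sorted(r for r, shifts in roles.items() if any(covers(s, m) for s in shifts))

def coverage_gaps(roles):
    """(start, end) minute ranges of the UTC week that no role covers."""
    covered = [False] * WEEK
    for shifts in roles.values():
        for start, end in shifts:
            for i in range((end - start) % WEEK):
                covered[(start + i) % WEEK] = True
    gaps, begin = [], None
    for m in range(WEEK + 1):
        free = m < WEEK and not covered[m]
        if free and begin is None:
            begin = m
        elif not free and begin is not None:
            gaps.append((begin, m))
            begin = None
    return gaps

# Constructed sample schedule; "First Shift" mirrors the Sunday-to-Monday example above.
ROLES = {
    "First Shift": [(week_minute("Sun", "00:00"), week_minute("Mon", "00:00"))],
    "Weekday Shift": [(week_minute("Mon", "00:00"), week_minute("Fri", "18:00"))],
    "Weekend Shift": [(week_minute("Sat", "06:00"), week_minute("Sun", "00:00"))],
}
```

With this sample schedule, coverage_gaps(ROLES) reports Friday 18:00 to Saturday 06:00 UTC as unstaffed, and an incident arriving at 14:30 on Friday in a UTC-5 office falls into that gap even though it looks like a weekday-shift hour locally.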