Restrict a Cortex XSOAR investigation to the incident owner and the team associated with the investigation.
You can restrict an investigation to the incident owner and the team associated with the investigation.
Do one of the following:
Open the incident and select→ .
To remove the restriction select→ .
In the CLI, type
(Optional) For scripts, do the following:
restrictInvestigationcommand in a playbook.
Specify the incident ID of the incident for which you want to restrict access.
Trueto restrict the incident.
Falseto remove restricted from the incident.