Customize and troubleshoot Cortex XSOAR with server configuration settings.
Cortex XSOAR provides custom server configuration settings that enable you to customize your Cortex XSOAR environment on the tenant level. You can also use custom server configuration settings in situations where you experience issues or need to troubleshoot situations in your environment.
To modify or add server configurations:
Navigate to → → → → .
Click + Add Server Configuration or edit an existing configuration.
Enter the key and value.
Click Save.
Engines
Key | Description | Default |
|---|---|---|
| Increases the timeout, in seconds, for a specific integration when using an engine. For example, change it to 300 seconds. Type in this format adding the brand name: |
|
| Specifies which users receive an email notification when an engine disconnects. A comma-separated list of Cortex XSOAR users. For example, | N/a |
Google API
Key | Description | Default |
|---|---|---|
| Entities that have Geo-location information (latitude and longitude) can be displayed on a Google map, by utilizing the Google Map API (which is required). For example, if you want to see the physical location of a computer that was attacked by Malware. To display the physical location of an entity on a map, run the this command with the value: | N/a |
Incidents
Key | Description | Default |
|---|---|---|
| Customizes incident close reasons in a comma separated list. For example, |
|
| By default, when editing the following inline values in an incident/indicator/threat intel reports, the changes are not saved until you confirm your changes (clicking the checkmark icon in the value field).
These icons are designed to let you have an additional level of security before you make changes to the fields in incidents/indicators. Set this configuration to true, to enable you to make changes to the inline fields without clicking the checkmark. The changes are automatically saved when clicking anywhere on the page or when navigating to another page. For text values you can also click anywhere in the value field to edit. |
|
| Whether to add chats and notes to closed investigation (set to |
|
| List of names in CSV format to receive notifications when an integration experiences a fetch error. For more information, see Receive Notification on an Incident Fetch Error. | N/a |
| Whether to Export Incidents and Indicators to CSV Using the UTF8-BOM Format. | False |
Indicators
Key | Description | Default |
|---|---|---|
| The reliability of the score from a reputation script. For more information, see Indicator Type Profile |
|
| Enables the indicator timeline in the indicator extraction flow. For more information, see Configure the indicator timeline. |
|
| Enables the indicator timeline in all flows. For more information, see Configure the indicator timeline. |
|
Integrations
Key | Description | Default |
|---|---|---|
| Timeout in minutes for specific integration commands. |
|
| The interval for the job in minutes. For more information, see Special Server Configurations. |
|
| Enable or disable the mirroring job. For more information, see Special Server Configurations. |
|
Notifications
Key | Description | Default |
|---|---|---|
| Set to true to enable notification for new content updates. |
|
| Notifies all users by email when there is a content update available (comma separated user names in Cortex XSOAR). | N/a |
| Whether to ignore failed fetch incident messages. For more information, see Receive Notification on an Incident Fetch Error. |
|
| Whether to disable notifications when an incident is changed. |
|
| Whether to disable notifications, when an incident is opened. |
|
| Whether to disable notifications when an incident is assigned. |
|
| Whether to disable notifications when an incident is closed. |
|
| List of names in CSV format. For example, | N/a |
| Select which email sender should send the notification. For more information, see Configure System Notifications. |
Playbooks
Key | Description | Default |
|---|---|---|
| Customizes the SOC name in the survey header for an Ask task. For more information, see Customize the SOC Name. | N/a |
| Whether to display the links generated for an Ask task in the Context Data of the Work Plan. |
|
| Whether to display the links generated for a Data Collection task in the Context Data of the Work Plan. |
|
Proxy
Key | Description | Default |
|---|---|---|
| The address (including the HTTPS prefix) of the proxy used for external user communication in a conditional task. | N/a |
Reports
Key | Description | Default |
|---|---|---|
| Configure the timezone for widgets in a report. For more information, see Configure the Time Zone in a Report. | Local time/Location |
Scripts
Key | Description | Default |
|---|---|---|
| The timeout, in minutes, to prevent blank pages when running a script. If you generate a report that runs a script and has blank pages you can Troubleshoot Reports. |
|
SLAs
Key | Description | Default |
|---|---|---|
| Change the risk threshold for SLAs. |
|
Widgets
Key | Description | Default |
|---|---|---|
| Amount in Dollars. Relevant for ROI widget. For more information, see Saved By Dbot (ROI) Widget. |
|