Configure engines, playbooks, scripts, dashboards, etc., for your use case.
As soon as you have completed onboarding with Cortex XSOAR, you can start configuring the tenant to match your use cases.
Section | Details | See More |
---|---|---|
Engines | If you have not done so already, you can configure and manage engines, such as using an engine as a web proxy and setting up Docker hardening. | |
Marketplace | You may want to install additional content packs, delete, update, revert, and set up notifications. | |
Integrations | Configure integrations, including fetching incidents, managing credentials, troubleshooting, and more. | |
Incidents | Customize incident fields, layouts, and types, set up preprocessing and post-processing rules, limit access to an investigation, etc. | |
Playbooks | Learn how to customize your playbooks including creating tasks, sub-playbooks, and polling. | |
Lists | Create lists and add them to playbooks or scripts. | |
Jobs | Run playbooks based on certain events or on a specific time and date. | |
SLAs | Incorporate SLA fields in your investigations so you can view how much time is left before the SLA becomes past due, as well as configure actions to take when the SLA is passed its due date. | |
Indicators | Customize indicator fields, layouts, and types, classify and map fields, and delete and exclude indicators. | |
Dashboards, reports, and widgets | Customize and create widgets to add to your dashboard and reports. |
After you have configured Cortex XSOAR, analysts can start to investigate incidents and indicators.