Configure Cortex XSOAR

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-12-05
Category: Administrator Guide
Solution: Cloud

Abstract: Configure engines, playbooks, scripts, dashboards, etc., for your use case.

As soon as you have completed onboarding with Cortex XSOAR, you can start configuring the tenant to match your use cases.

| Section | Details | See More |
|---|---|---|
| Engines | If you have not done so already, you can configure and manage engines, such as using an engine as a web proxy and setting up Docker hardening. | Engines |
| Marketplace | Install additional content packs; delete, update, or revert them; and set up notifications. | Marketplace |
| Integrations | Configure integrations, including fetching incidents, managing credentials, troubleshooting, and more. | Integrations |
| Incidents | Customize incident fields, layouts, and types, set up preprocessing and post-processing rules, limit access to an investigation, etc. | Incidents |
| Playbooks | Learn how to customize your playbooks, including creating tasks, sub-playbooks, and polling. | Playbooks |
| Lists | Create lists and add them to playbooks or scripts. | Lists |
| Jobs | Run playbooks based on certain events or at a specific time and date. | Jobs |
| SLAs | Incorporate SLA fields in your investigations so you can view how much time is left before the SLA becomes past due, and configure actions to take when the SLA is past its due date. | SLAs |
| Indicators | Customize indicator fields, layouts, and types, classify and map fields, and delete and exclude indicators. | Indicator configuration |
| Dashboards, reports, and widgets | Customize and create widgets to add to your dashboards and reports. | Dashboards and Reports |

After you have configured Cortex XSOAR, analysts can start to investigate incidents and indicators.