Learn about commonly used features of Cortex XSOAR.
The main menu for Cortex XSOAR includes:
Feature | Description |
---|---|
My Incidents | Includes your favorites, incidents you own, and incidents you have participated in. |
Dashboards & Reports | Dashboards include visualized data, including Cortex XSOAR incident, indicator, and system data, displayed for a rolling, relative time frame. Dashboards enable you to track metrics, analyze trends that appear in your Cortex XSOAR data, and identify areas of concern. Dashboards can be customized with widgets that focus on the data points most relevant to your organization. Reports also contain visualized data, but can be run for a specific time frame and automatically sent via email to internal or external stakeholders. |
Incidents | On the Incidents page, you can search for and interact with incidents that have been ingested from third-party integrations or manually created in Cortex XSOAR. Incidents enable you to organize your investigation and response work. Each incident is a self-documenting IR workbench where you can view incident details in a custom layout, run scripts and playbooks on the incident, create notes, tag evidence items, and more. |
Threat Intel (Indicators) | The Threat Intel page displays a table or summary view of all indicators. Note: If you do not have a TIM license, the page is titled Indicators. Most Threat Intel features are available only with a Cortex XSOAR Threat Intelligence license. Includes the following:
|
Playbooks | On the Playbooks page, you can browse, create, and customize Cortex XSOAR playbooks, which are workflows that link together ordered response steps including scripts, manual tasks, and communication tasks. Playbooks enable you to standardize and orchestrate your IR processes. A playbook helps ensure users follow a consistent response process, automates mundane response tasks, ties together your different IR tools, and gathers all relevant incident context and enrichment data in one centralized place. Note: You can copy/paste tasks from one playbook to another by using keyboard shortcuts. |
Scripts | On the Scripts page, you can browse, create, and customize Python, PowerShell, and JavaScript scripts for use in Cortex XSOAR. View the code for out-of-the-box scripts in order to troubleshoot, better understand, or build upon them. You can create custom scripts to extend Cortex XSOAR’s functionality to achieve your automation goals. |
Jobs | Jobs allow you to schedule playbooks to run on a recurring basis, either at a specific time or triggered by new indicators ingested from a feed integration. With jobs, you can automate actions you would normally take on a recurring basis, such as compiling malicious indicators and sending them to the SOC for verification before they are blocked. |
Marketplace | The Cortex Marketplace provides access to hundreds of integrations that extend the functionality of Cortex XSOAR and allow communication with third-party services. Includes the following:
|
Settings & Info | Includes the following:
|
Tenant Navigator | If you have more than one Customer Support Portal account, you can view and pivot to all the tenants that you have access to by clicking Tenant Navigator. In the Tenant Navigator, you can do the following:
Note: If you do not have more than one account, the Tenant Navigator is unavailable. |
User Menu (username) |
|