Create a new incident manually, through the API, by ingesting incidents, or by importing a JSON file.
You can create incidents in Cortex XSOAR from:
The Incidents page
An indicator
A JSON file (primarily used for playbook testing)
The API
To create a single incident using the API, use /incident. If you create an incident via the API and do not set createInvestigation: true, the incident is created but an investigation will not be opened and a playbook will not automatically run. For more information, see Create or update an incident. To view the full API documentation, go to Cortex XSOAR 8 API Reference guide.
Integration feeds
Incidents can be created from an integration instance. For more information about how to fetch incidents, see Fetch incidents from an integration instance.
Note
If you can't create an incident from any of these options, you may not have sufficient user role permissions. Contact your Cortex XSOAR administrator for more details.
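Illustrating the API option above, this added example (not from the Cortex XSOAR documentation) builds the POST to /incident with createInvestigation set to true and checks the flag before anything is sent. The base URL, the Authorization and x-xdr-auth-id header names, the body fields other than createInvestigation, the environment variable names, and the function names are assumptions; confirm them against the API reference for your deployment.

```python
import json
import os
import urllib.request


def build_incident_request(base_url, api_key, name, incident_type, *,
                           severity=0, details="",
                           create_investigation=True, auth_id=None):
    """Build, without sending, a POST to <base_url>/incident."""
    if not name:
        raise ValueError("incident name is required")
    body = {
        "name": name,
        "type": incident_type,
        "severity": severity,
        "details": details,
        # Without this flag the incident is created, but no investigation
        # is opened and no playbook runs automatically.
        "createInvestigation": bool(create_investigation),
    }
    headers = {"Authorization": api_key,  # assumed header carrying the API key
               "Content-Type": "application/json",
               "Accept": "application/json"}
    if auth_id is not None:  # assumed key-ID header; confirm in the API reference
        headers["x-xdr-auth-id"] = str(auth_id)
    return urllib.request.Request(base_url.rstrip("/") + "/incident",
                                  data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="POST")


def opens_investigation(req):
    """True only if the request body sets createInvestigation to boolean true."""
    return json.loads(req.data).get("createInvestigation") is True


if __name__ == "__main__":
    # Constructed sample values; URL and key are read from the environment.
    req = build_incident_request(
        os.environ.get("XSOAR_API_URL", "https://xsoar.example.invalid"),
        os.environ.get("XSOAR_API_KEY", "PLACEHOLDER_KEY"),
        "Suspicious login (constructed sample)", "Unclassified",
        severity=2, auth_id=os.environ.get("XSOAR_API_KEY_ID"))
    print(req.get_method(), req.full_url, req.data.decode())
    if not opens_investigation(req):
        raise SystemExit("refusing to send: createInvestigation is not true")
    if "XSOAR_API_URL" in os.environ:  # send only when a real server is configured
        with urllib.request.urlopen(req, timeout=30) as resp:
            print(resp.status)
```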