Customize incident close reasons - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2024-11-28
Category
Administrator Guide
Solution
Cloud
Abstract

Customize close reasons for incidents by adding a server configuration in Cortex XSOAR.

The default incident close reason values are:

  • False Positive

  • Resolved

  • Duplicate

  • Other

To customize the incident close reason, you need to add a new server configuration.

  1. Select Settings & InfoSettingsSystemServer SettingsServer ConfigurationAdd Server Configuration.

  2. Add the following key and value:

    Key

    Value

    incident.closereasons

    A comma-separated list. For example, False Positive,Resolved,Duplicate,Low Priority,Invalid,Other.

    Note

    For multi-tenant deployments, you need to add the configuration to each tenant, not only the Main Account.