Abstract
Customize close reasons for incidents by adding a server configuration in Cortex XSOAR.
The default incident close reason values are:
False Positive
Resolved
Duplicate
Other
To customize the incident close reason, you need to add a new server configuration.
Select
→ → → → → .Add the following key and value:
Key
Value
incident.closereasons
A comma-separated list. For example,
False Positive,Resolved,Duplicate,Low Priority,Invalid,Other
.Note
For multi-tenant deployments, you need to add the configuration to each tenant, not only the Main Account.