Abstract
Incidents are potential security threats that are ingested into, or created in, Cortex XSOAR so that SOC analysts can investigate and remediate them. Several kinds of trigger can raise an incident, including:
SIEM alerts
Mail alerts
Security alerts
These alerts are generated by third-party services, such as SIEMs, mailboxes, and other data sources.
Cortex XSOAR includes several out-of-the-box incident types, fields, and layouts, which can be customized to suit your use case. Incidents can also be created manually, from a JSON file, the Cortex XSOAR RESTful API, or an integration feed.
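The following is an added example, not code from the Cortex XSOAR documentation or product, showing how a SIEM alert is turned into an incident and submitted through the REST API path mentioned above. It assumes the `POST /incident` endpoint of the XSOAR REST API accepts a JSON body with `name`, `type`, `severity`, `details`, `labels`, `rawJSON` and `createInvestigation`, authenticated by an `Authorization` header carrying an API key; the base URL, API key placeholder, incident type "Brute Force" and the sample alert are all constructed for illustration.

```python
"""Build a Cortex XSOAR incident from a SIEM alert and submit it over the REST API.

Added example; assumptions (not taken from the documentation page):
- `POST /incident` accepts the JSON fields used below, with the API key in an
  `Authorization` header (XSOAR 6.x style);
- the SIEM alert format and all sample values are constructed.
"""
import json
import urllib.request

# XSOAR numeric severity scale: unknown=0, informational=0.5, low=1,
# medium=2, high=3, critical=4. Alerts arriving with other spellings are rejected
# rather than silently downgraded, so a mis-mapped severity is caught early.
SEVERITY = {"unknown": 0, "informational": 0.5, "low": 1,
            "medium": 2, "high": 3, "critical": 4}

# Constructed SIEM alert, standing in for what a SIEM integration would fetch.
SAMPLE_ALERT = {
    "id": "siem-000123",
    "rule": "Multiple failed logins followed by success",
    "severity": "HIGH",
    "source_ip": "203.0.113.7",
    "user": "jdoe",
    "timestamp": "2024-01-01T10:15:00Z",
}


def alert_to_incident(alert: dict, incident_type: str = "Brute Force") -> dict:
    """Map a SIEM alert onto the incident fields XSOAR expects.

    The whole alert is preserved in `rawJSON` so an incident type's mapper can
    extract further fields later; `labels` give analysts quick pivots.
    """
    for required in ("id", "rule", "severity"):
        if required not in alert:
            raise ValueError(f"alert is missing required field {required!r}")
    sev_name = str(alert["severity"]).lower()
    if sev_name not in SEVERITY:
        raise ValueError(f"unrecognised severity {alert['severity']!r}")
    return {
        "name": f"{alert['rule']} ({alert['id']})",
        "type": incident_type,
        "severity": SEVERITY[sev_name],
        "details": json.dumps(alert, indent=2),
        "labels": [
            {"type": "source_ip", "value": alert.get("source_ip", "")},
            {"type": "user", "value": alert.get("user", "")},
            {"type": "siem_alert_id", "value": alert["id"]},
        ],
        "rawJSON": json.dumps(alert),
        "createInvestigation": True,
    }


def build_request(base_url: str, api_key: str, incident: dict) -> urllib.request.Request:
    """Prepare the POST /incident request without sending it (assumed endpoint)."""
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/incident",
        data=json.dumps(incident).encode(),
        headers={
            "Authorization": api_key,  # assumed header name for the API key
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        method="POST",
    )


def create_incident(base_url: str, api_key: str, incident: dict, timeout: float = 10.0) -> dict:
    """Send the incident to XSOAR and return the incident record it echoes back."""
    req = build_request(base_url, api_key, incident)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    incident = alert_to_incident(SAMPLE_ALERT)
    print(json.dumps(incident, indent=2))
    # Network call left commented so the script runs offline; replace the
    # placeholders before enabling it:
    # create_incident("https://xsoar.example.com", "<API_KEY_PLACEHOLDER>", incident)
```

Keeping the original alert in `rawJSON` matters more than the hand-picked labels: it is what lets an incident type's mapper and layout be customized later without re-ingesting the alert, which is the flexibility the paragraph above describes.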
Once incidents have been created, you can manage and investigate them in Cortex XSOAR.