Incidents - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2025-01-15
Category
Administrator Guide
Solution
Cloud
Abstract

Incidents are potential security threats that are ingested into, or created in, Cortex XSOAR for investigation and remediation.

Incidents are potential security threats that SOC analysts identify, investigate, and remediate. An incident can be triggered by several kinds of alerts, including:

  • SIEM alerts

  • Mail alerts

  • Security alerts

These alerts are generated by third-party services and data sources, such as SIEMs, mailboxes, and threat-intelligence or log feeds, and are ingested into Cortex XSOAR through integrations.

Cortex XSOAR includes several out-of-the-box incident types, fields, and layouts, which you can customize to suit your use case. Incidents can also be created manually, imported from a JSON file, created through the Cortex XSOAR REST API, or fetched by an integration.
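The following script is an added example, not code from this guide or from the Cortex XSOAR product. It shows the JSON shape the incident-creation API accepts (name, type, severity, occurred, details, labels, rawJSON, createInvestigation) by mapping constructed SIEM-style alerts onto incident payloads, the same structure you would place in a JSON file for import. The alert field names, the incident type "SIEM Alert", the label names, and the API path and header names used by submit() are assumptions for this example; check them against your tenant's API documentation before use.

```python
"""Map third-party alerts onto Cortex XSOAR incident JSON (added example)."""
import hashlib
import json
import urllib.request
from datetime import datetime, timezone

# Cortex XSOAR severity scale: 0 unknown, 0.5 informational, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY = {"informational": 0.5, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample: two alerts as a SIEM export might deliver them. The field names
# (source, id, rule, severity, host, user, timestamp) are an assumption for this example.
SAMPLE_ALERTS_JSON = json.dumps([
    {"source": "siem", "id": "A-1001", "rule": "Brute force login", "severity": "high",
     "host": "web-01", "user": "svc-backup", "timestamp": "2024-03-07T10:15:00Z"},
    {"source": "siem", "id": "A-1002", "rule": "Impossible travel", "severity": "medium",
     "host": "vpn-gw", "user": "jdoe", "timestamp": "2024-03-07T10:20:00Z"},
])


def dedup_key(alert):
    """Stable key for one upstream alert, so a re-ingested copy can be caught by a
    pre-processing rule that compares this label before a second incident is opened."""
    return hashlib.sha256(f"{alert['source']}:{alert['id']}".encode()).hexdigest()


def build_incident(alert, incident_type="SIEM Alert"):
    """Map one source alert onto the incident JSON accepted by the XSOAR create-incident API."""
    sev = str(alert.get("severity", "")).lower()
    if sev not in SEVERITY:
        # Refuse rather than silently file an "unknown" incident the SOC will never triage.
        raise ValueError(f"unknown severity {alert.get('severity')!r}")
    occurred = datetime.fromisoformat(alert["timestamp"].replace("Z", "+00:00"))
    return {
        "name": f"{alert['rule']} on {alert['host']}",
        "type": incident_type,
        "severity": SEVERITY[sev],
        "occurred": occurred.astimezone(timezone.utc).isoformat(),
        "details": f"Rule '{alert['rule']}' fired for user {alert['user']} on host {alert['host']}",
        "labels": [
            {"type": "Brand", "value": alert["source"]},
            {"type": "SourceAlertId", "value": alert["id"]},
            {"type": "DedupKey", "value": dedup_key(alert)},
        ],
        # Keep the original alert verbatim so mapping rules and playbooks can read any field.
        "rawJSON": json.dumps(alert),
        "createInvestigation": True,
    }


def load_alerts(text):
    """Parse a JSON array of alerts (for example, the contents of an export file) into payloads."""
    alerts = json.loads(text)
    if not isinstance(alerts, list):
        raise ValueError("expected a JSON array of alerts")
    return [build_incident(a) for a in alerts]


def submit(incident, base_url, api_key, auth_id):
    """POST one incident to the tenant API. The path /xsoar/public/v1/incident and the
    Authorization / x-xdr-auth-id headers are assumptions; verify them for your tenant."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/xsoar/public/v1/incident",
        data=json.dumps(incident).encode(),
        headers={"Authorization": api_key, "x-xdr-auth-id": str(auth_id),
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Dry run: print the payloads that would be written to a JSON file or posted via submit().
    for inc in load_alerts(SAMPLE_ALERTS_JSON):
        print(json.dumps(inc, indent=2))
```

Keeping rawJSON alongside the mapped fields is what lets incident field mapping and playbook tasks recover source data you did not anticipate needing at ingestion time; the DedupKey label gives a pre-processing rule something stable to match on when the same upstream alert arrives twice.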

After incidents have been created, you can manage and investigate them in Cortex XSOAR.