Abstract
After you ingest incidents and indicators, take action on them as part of your investigation.
Cortex XSOAR enables you to centralize and manage every aspect of your investigations. Consolidate evidence, assign and review tasks, and leverage the Workplan to orchestrate your response. Deduplicate incidents, and create and close them efficiently. For indicators, create, extract, and enrich them. If you have a TIM license, you can use Unit 42 Intel data to investigate indicators, send sessions and submissions, manage indicator relationships to gain deeper insights, and create Threat Intel Reports. For more information, see Indicator investigation.