Customize and troubleshoot Cortex XSOAR with server configuration settings.
Cortex XSOAR provides custom server configuration settings that enable you to customize your Cortex XSOAR on the tenant level. You can also use custom server configuration settings in situations where you experience issues or need to troubleshoot situations in your environment.
To modify or add server configurations:
Navigate to
→ → → → .Click Add Server Configuration or edit an existing configuration.
Enter the key and value.
Click Save.
Engines
Key | Description | Default |
---|---|---|
| Increases the timeout, in seconds, for a specific integration when using an engine. For example, change it to 300 seconds. Type in this format adding the brand name:
| 60 |
| Specifies which users receive an email notification when an engine disconnects. A comma-separated list of Cortex XSOAR users. For example:
| N/a |
Google API
Key | Description | Default |
---|---|---|
| Entities that have Geo-location information (latitude and longitude) can be displayed on a Google map, by utilizing the Google Map API (which is required). For example, if you want to see the physical location of a computer that was attacked by Malware. To display the physical location of an entity on a map, run this command with the value: | N/a |
Incidents
Key | Description | Default |
---|---|---|
| Customizes close reasons in a comma-separated list. For example:
|
|
| By default, when editing the following inline values in an incident/indicator/threat intel report, the changes are not saved until you confirm your changes (clicking the checkmark icon in the value field).
These icons are designed to let you have an additional level of security before you make changes to the fields in incidents/indicators. Set this configuration to true, to enable you to make changes to the inline fields without clicking the checkmark. The changes are automatically saved when clicking anywhere on the page or when navigating to another page. For text values, you can also click anywhere in the value field to edit. |
|
| Whether to add chats and notes to the closed investigation (set to |
|
| List of names in CSV format to receive notifications when an integration experiences a fetch error. For more information, see Receive notifications on an incident fetch error. | N/a |
| Whether to export incidents and indicators to CSV using the UTF8-BOM format. For more information, see Export an incident to CSV using the UTF8-BOM format. |
|
Indicators
Key | Description | Default |
---|---|---|
| The reliability of the score from a reputation script. |
|
| Enables the indicator timeline in the indicator extraction flow. For more information, see Configure the indicator timeline. |
|
| Enables the indicator timeline in all flows. For more information, see Configure the indicator timeline. |
|
Integrations
Key | Description | Default |
---|---|---|
| Timeout in minutes for specific integration commands. |
|
| The interval for the job in minutes. For more information, see Special Server Configurations. |
|
| Enable or disable the mirroring job. For more information, see Special Server Configurations. |
|
Notifications
Key | Description | Default |
---|---|---|
| Set to true to enable notification for new content updates. |
|
| Notifies all users by email when there is a content update available (comma-separated user names in Cortex XSOAR). | N/a |
| Whether to ignore failed fetch incident messages. For more information, see Receive notifications on an incident fetch error. |
|
| Whether to disable notifications when an incident is changed. |
|
| Whether to disable notifications, when an incident is opened. |
|
| Whether to disable notifications when an incident is assigned. |
|
| Whether to disable notifications when an incident is closed. |
|
| List of names in CSV format. For example, | N/a |
| Select which email sender should send the notification. For more information, see Configure notifications in Cortex XSOAR. |
Playbooks
Key | Description | Default |
---|---|---|
| Customizes the SOC name in the survey header for an Ask task. For more information, see Customize the SOC Name. | N/a |
| Whether to display the links generated for an Ask task in the Context Data of the Work Plan. |
|
| Whether to display the links generated for a Data Collection task in the Context Data of the Work Plan. |
|
| Whether to allow the Do Not Use By Default checkbox to affect playbooks. By default the Cortex XSOAR playbook does not take Do not use by default into account (only for CLI Commands). For example, if you have 3 mail sender instances, 2 of them are set to not use by default, when running the playbook without specifying an instance, it sends with all 3 instances. After you set this configuration to true, it only sends from the one that is not marked as do not use by default. |
|
Proxy
Key | Description | Default |
---|---|---|
| The address (including the HTTPS prefix) of the proxy used for external user communication in a conditional task. | N/a |
Remote Repository
Key | Description | Default |
---|---|---|
| Set to true to restrict access for pushing content to a remote repository to administators only. NoteWhen set to true this key also removes the Save Version feature. This prevents users who don't have administration permissions from pushing content changes to the remote repository. For more information, see Remote repository management. |
|
Reports
Key | Description | Default |
---|---|---|
| Configure the timezone for widgets in a report. For more information, see Configure the timezone in a report. | Local time/Location |
Scripts
Key | Description | Default |
---|---|---|
| The timeout, in minutes, to prevent blank pages when running a script. If you generate a report that runs a script and has blank pages you can Troubleshoot the script timeout. For more information, see Troubleshoot script timeout for reports. |
|
System Settings
Key | Description | Default |
---|---|---|
| If set to true, settings for Keyboard Shortcuts, Timezone, and Timestamp format appear on the Server Settings page. By default, these settings instead appear on the Preferences tab of the User Details page. |
|
SLA
Key | Description | Default |
---|---|---|
| Change the SLA risk threshold. |
|
Widgets
Key | Description | Default |
---|---|---|
| Amount in Dollars. Relevant for ROI widget. For more information, see Saved By Dbot (ROI) Widget. |
|