View service limit errors and warnings on the Guard Rails page

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-14
Category: Administrator Guide
Solution: Cloud

Abstract: Use the Guard Rails page to see details about service limit errors or warnings.

The Guard Rails page provides a list of thresholds and warnings that occur during incident ingestion, investigation, and response. It helps to keep your environment stable and prevent actions that can cause major performance degradation or instability. The list of service limit errors and warnings is regularly updated to support ongoing changes in your environment.

The Guard Rails page

The Guard Rails page displays a table with a list of service limit errors and warnings and their details.

An error occurs when a service limit is exceeded. For example, an error can be generated for exceeding the size limit of an attachment, or for exceeding the number of entries per incident.

A warning occurs when approaching the service limit. For example, a warning can be generated when the number of entries per incident is approaching the service limit or the number of linked incidents is approaching the service limit. The service limits are defined out-of-the-box.

Access the Guard Rails page from Cortex XSOAR Settings & Info > Settings > System.

The table shows the following information:

| Column | Description |
| --- | --- |
| ID | (Hidden by default) The log number. |
| Timestamp | The date/time the error or warning occurred. |
| Type | The object type the error or warning occurred on, for example, an incident or indicator. |
| Subtype | The object subtype, for example, entries or attachments (N/A if it doesn't exist). |
| Level | Whether the item is an error or a warning. |
| Object ID | The ID of the restricted object. |
| Count | The number of times a specific item occurred in the last calendar day. |
| Description | A short description of the error or warning. |

Note: Identical messages generated within the same day are not duplicated in the table. Only the Count is updated, and the Timestamp reflects the last error or warning of the same type. A count greater than one indicates that an identical error or warning occurred more than once within the same day.

Cortex XSOAR service limits for incidents and indicators

Cortex XSOAR supports one or more tenants per customer: one for production, and one or more for development. The development tenant allows you to develop and test components (such as playbooks, automation scripts, and screen layouts) before they are deployed to production.

Cortex XSOAR offers service limits for the number of incidents and indicators that can be ingested and stored. The Guard Rails page indicates when an incident or indicator size exceeds predefined service limits and may affect performance.

For more information, see Cortex XSOAR service limits.