Incidents and indicators investigation - After you ingest incidents and indicators, take action on the incident and indicator as part of your investigation. - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR SaaS Documentation
Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2025-11-09
Category
Administrator Guide
Solution
SaaS
Abstract

After you ingest incidents and indicators, take action on the incident and indicator as part of your investigation.

Cortex XSOAR enables you to centralize and manage every aspect of your investigations. Consolidate evidence, assign and review tasks, and leverage the Workplan to orchestrate your response. Deduplicate incidents and create and close them efficiently. For indicators, create, extract, and enrich them. For more information, see Indicator investigation.