Create a Data Collection Task - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create a data collection task in a Cortex XSOAR playbook. Multi-question survey (form), responses are recorded in incident’s context data.

The Data Collection task is a multi-question survey (form), which recipients access from a link in the message. The survey resides on an external site that does not require authentication, thereby allowing survey recipients to respond without restriction.

You can include the following types of questions in the survey:

  • Standalone questions. These are presented to users directly in the message, and from which users answer directly in the message (not an external survey).

  • Field-based questions. These are based on a specific Cortex XSOAR field (either system or custom), for example, a Grid field. The response (data) received for these fields automatically populates the field for this incident in Cortex XSOAR. For single select field based questions, the use first as default definition is taken from the field’s matching attribute.

You can collect responses in custom fields, for example, a Grid field.

Note

If responses are received from multiple users, data for multi-select fields and grid fields are aggregated. For all other field types, the most recent received response will override previous responses as it displays in the field. All responses are always viewable in the context data.

If the playbook was installed from a Content Pack, duplicate or detach the playbook, before creating a data collection task.

  1. In a playbook, click + (Create task).

    playbook-create_task2.png
  2. Select the Data Collection option.

    playbook-data-collection.png
  3. Enter a meaningful name in the Task Name field for the task that corresponds to the data you are collecting.

    playbook-task_name.png
  4. In the Ask by field, select how the message or survey will appear to users and how the message or survey will be sent.

    • If you select Email, enter the subject and message of the email and the email addresses of the users who should receive this message or survey.

    • If you do not select email, this will be a task. Enter the task message.

    The survey does not appear in the message. A link to the survey is automatically placed at the bottom of the message. This link is also accessible from the Incident's Context Data, accessible from the ellipses menu in the Incident page.

    playbook-comm-channel.png
  5. Enter the questions and answer types that the survey will contain.

    You create questions in the survey, you can drag-and-drop questions to rearrange the order in which they display in the survey.

    playbook-questions.png
  6. (Optional) To customize the look and feel of your email message, click Preview.

    You can determine the color scheme and how text in the message header and body appear, as well as the appearance and text of the button the user clicks to submit the survey.

    playbook-preview.png