End-of-Life (EoL)

Incident Customization

Every incident that is ingested into Cortex XSOAR is assigned an incident type when it is classified. After you classify the incident, you can map the relevant fields to it.
If the incident type does not exist, you can create one and classify the incident according to it. For example, an integration may come out of the box with access and authentication incident types, but if other incidents are ingested, you need to create an incident type that does not include access and authentication.
Each incident type has a unique set of data that is relevant to that specific incident type. It is important to display the most relevant data for users at all stages of the incident life cycle.
You can create, import, export, and customize incident types by going to Settings > ADVANCED > Incident Types.
Customize Incident Layouts
You can customize incident layouts to ensure that you see the information that is relevant to the incident type. You can duplicate and edit an incident layout, detach the incident type, and then edit the incident type to add the new layout.
Auto Extract Indicators
The auto extract feature extracts indicators and enriches their reputations using commands and scripts defined for the indicator type. You can set how to extract indicators when editing or creating an incident type.
