1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Administrator’s Guide
    5. Incidents
    6. Incident Customization
    7. Create an Incident Type
    End-of-Life (EoL)

    Create an Incident Type

    auto extract indicators layouts
    Create an incident type specifically for an event you want Cortex XSOAR to deal with.
    1. Select
      Settings
      Advanced
      Incidents Type
      New Incident Type
      .
    2. In the
      New Incident Type
       window, add the following required parameters:
      Field
      Description
      Name
      Enter a descriptive name for the task. Try to make this as informative as you can so readers of the playbook can know what the task does before viewing the task details.
      Default playbook
      Select the playbook that is associated with the incident type by default.
      Layout
      Select the incident layout for the incident type. To customize the incident layout, see Customize Incident Layouts.
      Run playbook automatically
      Determines if the playbook runs when the event is ingested.
      Determines how indicators are processed. Valid values are:
      None
      Inline
      Out of band
      Post Process using
      Select the script to run on these incident types, after they have been processed.
      SLA
      Determines the SLA for this incident type in any combination of Weeks, Days, and Hours.
      Set Reminder at
      Optionally configure a reminder for the SLA in any combination of Weeks, Days, and Hours.
    3. Click
      Save
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo