Cortex XSOAR supports specific fields for managing SLAs and timers.
SLAs are an important aspect of case management. You can incorporate SLA fields in your cases to see how much time is left before the SLA becomes past due, and you can configure actions to take if the SLA does pass.
In addition, you can now view the number of cases that are at risk of passing the SLA, or are already late, using pre-configured widgets. The widgets present information based on the default threshold, which can be configured globally.
Present SLAs in Incident Summary Layouts
Once you have configured the SLA fields and timers, your incident summary screens display information about the status of the SLA: whether any of the SLAs are past due and, if so, by how much.
In the image above, for example, we see that the timers for several of the fields are in various states. Detection SLA is past due, while Remediation SLA has nearly 5 days remaining.
Customize CSV Reports for SLA Fields
You can add SLA-specific information to your CSV reports. Edit the table columns field in the JSON report to include the SLA data that you want.
For example, assuming that you have an existing timer field named myslatimer, you can use the following options as CSV columns:
myslatimer: displays a summary of the timer status and SLA.
myslatimer.runStatus: displays the run status of the current timer.
myslatimer.totalElapsed: displays the total elapsed time, in seconds, of the current timer. If the timer has ended, it displays the total duration.