Create an Incident

Create a new incident in Cortex XSOAR, manually, through a feed, or by importing a JSON file.
Cortex XSOAR incidents can be created manually, from the Cortex XSOAR RESTful API, or from an integration feed.
  • Create an incident manually.
    Go to the
    Incidents
    page, click
    New Incident
    and enter relevant data, including custom fields if needed.
  • Create an incident via the API. To view the full REST API documentation, select
    Settings
    INTEGRATIONS
    API Keys
    View Cortex XSOAR API
    . To create a single incident via the API, use the /incident route. If you create an incident via the API and do not set
    createInvestigation
    to true, the incident will be created but an investigation will not be opened and a playbook will not automatically run. To create multiple incidents, use /incident/batch. The minimum information required to create a single incident via the API is the incident name.

Recommended For You