Create an Incident Type

Create and edit Incident types in Cortex XSOAR.
Create an incident type specifically for an event you want Cortex XSOAR to deal with.
  1. Select
    Settings
    Advanced
    Incidents Type
    New Incident Type
    .
  2. In the
    Settings
    tab, add the following parameters, as required:
    Field
    Description
    Name
    Enter a descriptive name for the task. Try to make this as informative as you can so readers of the playbook can know what the task does before viewing the task details.
    Default playbook
    Select the playbook that is associated with the incident type by default.
    Layout
    Select the incident layout for the incident type. To customize the incident layout, see Customize Incident Layouts.
    Run playbook automatically
    Determines if the playbook runs when the event is ingested.
    Post Process using
    Select the post process script to run on these incident types, after they have been processed.
    SLA
    Determines the SLA for this incident type in any combination of Weeks, Days, and Hours.
    Set Reminder at
    Optionally configure a reminder for the SLA in any combination of Weeks, Days, and Hours.
  3. In the
    Indicators Extraction Rules
    tab, add the required indicator extraction rules.
  4. Click
    Save
    .

Recommended For You