Create a new incident in Cortex XSOAR, manually, through
a feed, or by importing a JSON file.
Cortex XSOAR incidents can be created manually,
from a JSON file, from the Cortex XSOAR RESTful API, or from an
The import JSON feature enables you
to import event data from third party software and use it to create
new incidents in Cortex XSOAR. These incidents can be used to build
and troubleshoot playbooks for integrations that have not yet been
installed or configured.
Create an incident manually.
Go to the
enter relevant data, including custom fields if needed.
Create an incident from a JSON file.
Classification & Mapping
select the mapper you want to use.
, click on the paper clip
icon and upload the JSON file.
Create an incident via the API. To view the full REST
API documentation, select
View Cortex XSOAR API
. To create
a single incident via the API, use the /incident route. If you create
an incident via the API and do not set
true, the incident will be created but an investigation will not
be opened and a playbook will not automatically run. To create multiple
incidents, use /incident/batch. The minimum information required
to create a single incident via the API is the incident name.