Create an Incident

Create a new incident in Cortex XSOAR manually, through a feed, or by importing a JSON file.
Cortex XSOAR incidents can be created manually, from a JSON file, from the Cortex XSOAR RESTful API, or from an integration feed.
The import JSON feature enables you to import event data from third-party software and use it to create new incidents in Cortex XSOAR. These incidents can be used to build and troubleshoot playbooks for integrations that have not yet been installed or configured.
  • Create an incident manually.
    Go to the Incidents page, click New Incident, and enter relevant data, including custom fields if needed.
  • Create an incident from a JSON file.
    1. Go to Settings > Classification & Mapping and select the mapper you want to use.
    2. From the Get Data drop-down, choose Upload JSON, click the paper clip icon, and upload the JSON file.
    3. From the menu, select Create Incident from JSON. Select the incident type and click Create Incident.
  • Create an incident via the API. To view the full REST API documentation, select Settings > INTEGRATIONS > API Keys > View Cortex XSOAR API. To create a single incident via the API, use the /incident route. If you create an incident via the API and do not set createInvestigation to true, the incident will be created but an investigation will not be opened and a playbook will not automatically run. To create multiple incidents, use /incident/batch. The minimum information required to create a single incident via the API is the incident name.
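The /incident call described above, as an added example that is not part of the original documentation: a small Python client that enforces the required name and sets createInvestigation explicitly, so a caller does not silently create an incident with no investigation or playbook run. The host name, the XSOAR_API_KEY variable, the details field, and passing the API key in the Authorization header are assumptions; confirm them against View Cortex XSOAR API on your server.

```python
import json
import os
import urllib.request


def build_incident_request(base_url, api_key, name, create_investigation=True, **fields):
    """Build (without sending) a POST to the /incident route.

    create_investigation defaults to True because, per the text above,
    leaving it unset creates the incident without opening an
    investigation or running a playbook.
    """
    if not name or not name.strip():
        raise ValueError("the incident name is the minimum required field")
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    body = dict(fields)  # optional extra incident fields (assumed names)
    body["name"] = name.strip()
    body["createInvestigation"] = bool(create_investigation)
    return urllib.request.Request(
        base_url.rstrip("/") + "/incident",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": api_key,  # assumption: key sent as-is in this header
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


def create_incident(base_url, api_key, name, **kwargs):
    """Send the request; urllib verifies the server certificate by default."""
    req = build_incident_request(base_url, api_key, name, **kwargs)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed values: placeholder host, key read from the environment.
    demo = build_incident_request(
        "https://xsoar.example.invalid",
        os.environ.get("XSOAR_API_KEY", "constructed-key"),
        "Constructed test incident",
        details="Created from the API example",
    )
    print(demo.get_method(), demo.full_url)
    print(demo.data.decode("utf-8"))
```

Running the file only prints the request it would send; call create_incident with a real server URL and key to submit it.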
