Change the Display Name of Security Incidents

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.6
Creation date: 2022-09-29
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Add a Cortex XSOAR server configuration to change the name of security incidents from ‘incident’ to another term, such as cases or issues.

In Cortex XSOAR, the default term used for a security incident is incident. You can change the term that is used for security incidents from a predefined list of options. This term displays in reports, menus, tables, and commands (local and server) in Cortex XSOAR.

When you change the display name of a security incident, the following commands are deprecated and are replaced with commands with the new name:

  • associateIndicatorstoIncident

  • associateIndicatortoIncident

  • createNewIncidents

  • linkIncidents

  • relatedIncidents

  • setIncident

  • unAssociateIndicatorstoIncident

  • unAssociateIndicatortoIncident

For example, if you change the security incident name to Cases, the setIncident command appears as setIncident (Deprecated) and the setCase command replaces it. You can still use the deprecated command, but replacing it with the new command is recommended for clarity.

The term you select does not change the display name for content-related items, such as playbooks, integrations, scripts, dashboards, or the API.

Note

(Multi-Tenant) When you change the display name of security incidents, URL links that contain /incident may not work properly. For example, when changing the incident to case, sometimes the links are formed with the /incident URL and not with the /case URL. This can usually be corrected by clearing the browser cache and reloading the page.

  1. Navigate to Settings > About > Troubleshooting.

  2. In the Server Configuration section, click Add Server Configuration.

  3. In the Key field, type UI.term.incident.

  4. In the Value field enter the value for the term. In the following table, the Command column displays the correct command to use.

    Value   Term                  Command
    0       Incidents (default)   setIncident
    1       Cases                 setCase
    2       Alerts                setAlert
    3       Events                setEvent
    4       Plays                 setPlay
    5       Tickets               setTicket
    6       Issues                setIssue

  5. Restart the server.