Shift Management - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Shift management helps you define multiple shifts within Cortex XSOAR. Shifts are assigned to user roles and enable you to assign available analysts.

Shift management helps you define multiple shifts within Cortex XSOAR. Each shift can be assigned to a user role so you are able to assign one or more analysts across different shifts.

You can do the following:

  • Enable incidents to be routed automatically to analysts based on shifts, workload, and machine learning recommendations, ensuring full staff coverage for incoming incidents.

  • Define multiple shifts, which can be added to a role, and in turn assigned to a user. To manage shift periods for users, see Managing Shifts.

  • Automatically route incidents to analysts based on shifts, workload, and machine learning recommendations in playbooks and automations. For example, the AssignAnalystToIncident automation, automatically assigns the incident based on who is on call and who is active (not set to away).

After assigning the role to users, Cortex XSOAR recommends who to assign incidents. When assigning an analyst to an incident, these shifts can be taken into account.

Note

If you want to consider on-call users only, run the getOwnerSuggestions command.