Cortex SOAR
version: 1.2.0
Cortex XSOAR is a comprehensive security orchestration, automation and response (SOAR) platform that unifies case management, automation, real-time collaboration and threat intel management to serve security teams across the incident lifecycle.
Create or Update an Incident
Creates a new incident or updates an existing incident. To update an existing incident, you must update the version parameter.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Create or Update Incident Body | Jinja-templated JSON containing the body used to create or update an incident. To update an existing incident, you must update the version parameter. Example: {"severity": 2,"reason": "reason","closeNotes": "closeNotes","sla": 0.8008281904610115,"rawJSON": "rawJSON","type": "Unclassified","createInvestigation": true,"labels": [ { "type": "type", "value": "value" }, { "type": "type", "value": "value" }],"playbookId": "playbookId","name": "name","closed": "2000-01-23T04:56:07.000+00:00","modified": "2000-01-23T04:56:07.000+00:00","details": "details","closeReason": "closeReason","status": 2} | Required |
Output
JSON containing the following items:
{
"result": {},
"error": null,
"has_error": false
}
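A pre-flight check for a rendered body, as an added example that is not part of the original documentation or the vendor's code: it rejects a body that stops being well-formed once alert text is substituted into the Jinja template, and it reads the output envelope shown above. The function names, the field-type map and the treatment of `version` as a top-level integer are assumptions of this example.

```python
import json

# Field names and types come from the example bodies on this page; using them
# as a schema, and "version" as a top-level integer, is this example's assumption.
FIELD_TYPES = {
    "severity": int, "status": int, "version": int, "sla": (int, float),
    "createInvestigation": bool, "labels": list, "id": str, "name": str,
    "type": str, "details": str, "reason": str, "rawJSON": str, "closed": str,
    "playbookId": str, "closeNotes": str, "closeReason": str, "modified": str,
}


def _no_duplicates(pairs):  # object_pairs_hook: reject repeated keys
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key: {key}")
        seen[key] = value
    return seen


def check_incident_body(rendered, is_update=False):
    """Return a list of problems found in a rendered incident body (empty = OK)."""
    try:
        body = json.loads(rendered, object_pairs_hook=_no_duplicates)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return [f"rejected by parser: {exc}"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = []
    for key, value in body.items():
        expected = FIELD_TYPES.get(key)
        if expected is None:
            problems.append(f"unexpected field: {key}")
        elif not isinstance(value, expected) or (
                isinstance(value, bool) and expected is not bool):  # bool is an int
            problems.append(f"wrong type for {key}")
    if is_update and "version" not in body:
        problems.append("update without a version field")
    return problems


def step_failed(output):
    """True when the step's output envelope reports an error."""
    return bool(output.get("has_error")) or output.get("error") is not None


if __name__ == "__main__":  # constructed sample: a title containing raw quotes
    print(check_incident_body('{"name": "a "quoted" title", "severity": 2}'))
```

Running the check on the rendered text before the step executes catches titles or notes containing quotes or newlines that were pasted into the template without JSON encoding.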
Get Specific Incident
Get the incident details of the specified incident ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Incident Id | Jinja-templated text that contains the ID of the requested incident | Required |
Output
JSON containing the following items:
{
"result": {},
"error": null,
"has_error": false
}
Close Incident
Close the specified incident.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Close Incident Body | Jinja-templated JSON containing the body used to close the specified incident and optionally set a closing note. Example: {"CustomFields": {},"id": "157447","closeNotes": "close_note_oAZROKPJ"} | Required |
Output
JSON containing the following items:
{
"result": {},
"error": null,
"has_error": false
}
Release Notes
v1.2.0
- Introduction of Cortex XSOAR integration