Update Incident
Update the details of an existing incident.
External Documentation
To learn more, visit the Cortex XDR documentation.
Parameters
| Parameter | Description |
|---|---|
| Assigned Pretty Name | Updated full name of the incident assignee. To supply a new value in this field, you must also supply a value for Assigned User Mail in the same action. |
| Assigned User Mail | Updated email address of the incident assignee. |
| Comment | The text of the comment to add. |
| Incident ID | The ID of the incident to update. Can be retrieved from the 'Get All Incidents' action. |
| Resolve Comment | Descriptive comment explaining the incident change. This can be set only for resolved incidents. |
| Severity | Administrator-defined severity. |
| Status | Updated incident status. |
Workflow Library Example
Update Incident with Cortex Xdr and Send Results Via Email
Preview this Workflow on desktop