Skip to main content

Cortex XDR Incident Sync

This Playbook is part of the Cortex XDR by Palo Alto Networks Pack.#

Compares incidents in Palo Alto Networks Cortex XDR and Cortex XSOAR, and updates the incidents appropriately. When an incident is updated in Cortex XSOAR, the XDRSyncScript will update the incident in XDR. When an incident is updated in XDR, the XDRSyncScript will update the incident fields in Cortex XSOAR and rerun the current playbook. Do not use this playbook when enabling the incident mirroring feature added in XSOAR version 6.0.0.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Builtin

Scripts#

  • XDRSyncScript
  • StopScheduledTask

Commands#

  • closeInvestigation
  • xdr-update-incident

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

PaloAltoNetworks_Cortex_XDR_Incident_Sync

Edit this page
Report an Issue