Select the correct incident life cycle on XSOAR.
Select the correct incident life cycle on XSOAR.
The correct incident life cycle in XSOAR involves several key stages, starting from planning and moving through systematic phases to ensure proper handling of incidents. The stages are Planning, followed by Incident Ingestion where events are brought into the system. Next comes Incident Creation where these events are turned into defined incidents. Following this, Mapping and Classification defines and categorizes the incidents. Pre-processing then applies any initial rules or actions necessary before the primary response, which is carried out in the Playbook runs. Finally, Post-processing handles the closure and review of the incident. This systematic approach ensures thorough and organized incident management.
D https://xsoar.pan.dev/docs/incidents/incident-xsoar-incident-lifecycle
I think it is D - The pre-processing rule defines what to do if incident is of type X, therefore there has to be an incident for this to occur. Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing
D is correct
Sorry, it's A - Here is why: Stage 1 - Event Ingestion Stage Two: Incident Object Creation Cortex XSOAR uses the event data fetched by an integration to create an incident object and populates it with raw event data.