At what stage during the incident lifecycle is an incident type assigned?
At what stage during the incident lifecycle is an incident type assigned?
An incident type is assigned during the incident creation stage. At this stage, based on the classifications and preprocessing rules applied to the ingested events, incidents of various types are created. This allows the system to categorize and list them appropriately, which is essential for further handling and investigation.
Incident creation
B Incident Created# Based on the definitions you provided in the Classification and Mapping stage, as well as the rules you created for pre-processing events, incidents of various types are created. The incidents all appear in the Incidents page of the Cortex XSOAR user interface, where you can start the process of investigating. https://xsoar.pan.dev/docs/incidents/incident-xsoar-incident-lifecycle
I'd say it was B 3. Classification and Mapping Cortex XSOAR will take fetched data and the events ingested from integrations—classified into incident types—and map them to existing fields. 4. Pre-processing Specific actions are performed, such as linking incoming events to an existing incident during the incident ingestion. 5. Create an Incident <<HERE>> Based on Classification and preprocessing rules applied to the ingested events, incident of various types are created and listed on the Incidents page.