Navigate to Settings

View the configured integrations and select Active Directory Authentication

Delete all integration instances and add all integration instances again

Navigate to Marketplace

View the installed content pack and select Active Directory content pack

Select version 1.4.6 and click on "Revert to this version"

Navigate to Settings

View the configured integrations and select Active Directory Query

Delete all integration instances and add all integration instances again

Navigate to Marketplace

View the installed content pack and select Active Directory content pack

Click on uninstall content pack

Navigate to Marketplace browser and reinstall the Active Directory content pack

Use a field trigger script

Use a field display script

Create a job that queries for incident severity changes

Change the SLA manually every time the severity changes

F - Reliability cannot be judged, A - Completely Reliable

F - Not reliable, A - Usually Reliable

F - Not usually reliable, A - Fairly Reliable

F - Unreliable, A - Completely Reliable

Min, Max, Count, Average, Custom Transformers

Min, Max, Count, Average, Custom Group By

Count, Average, Sum, Min, Max

Count, Sum, Min, Max, Transformers

By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.

The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.

The session will be running till stopped manually by administrator.

By default, the system closes automatically any debugger session that have been open 180 minutes.

1E56733826E5035233A097FCEA2046AF96EC616C

E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD

8D193FA162A305E4859BA8C45F5121F7265E3ABB

e6ef5142e2553c1e442a0ffac07636eac61e6edd

Multi-region

Dev-Prod

Multi-tenant

Distributed database

Which users have permissions to view the tabs

Which roles have permissions to view the tabs

Which dashboard settings are applied

The information and how is it displayed

Which tabs appear and in which order

To run dedicated playbooks for different event types

To classify events ingested from various sources into the relevant types

To classify indicators extracted in XSOAR incidents to their respective types

To facilitate role based access to XSOAR incidents

The post-processing tag must be added to the automation

Post-processing scripts must be added at the end of playbooks

Post-processing scripts must be added from the Incident Type editor

Post-processing scripts must be added from the Post-Process Rules editor

Fields can be used in playbooks and labels cannot

Fields are indexed in the database and labels are not

Labels can be used in queries and fields cannot

Labels are indexed in the database and fields are not

3000 Incidents

Incident Field

Verdict Label

Incident Type

Share the dashboard in Read and Edit mode for senior analysts.

Share the dashboard in Read & Edit mode for senior analysts and Read Only for juniors analysts.

Share the dashboard in Read and Write mode for senior analysts.

Share the dashboard in Read Only mode for junior analysts and senior analysts.

Run Command, Export, and Close and Delete for all selected incidents regardless of their status

Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status

Run Command for all selected incidents having Active status

Export incidents as JSON and change incident status

C++, Python, Powershell

Ruby, C++, Python

Javascript, Powershell, C++

Python, Powershell, Javascript

The playbook assigned to the incident type

The playbook assigned to the indicator type

The playbook assigned during pre-processing

The playbook assigned by the integration

Python

Go

JavaScript

Perl

2 main DBs, 1 application server, 2 node servers

1 main DB, 1 application server, 3 node servers

2 application servers, 1 main DB, 1 node server

1 application server, 2 main DBs, 1 node server