topic Re: Automate changes to Incident and Alerts to send to backend system in Cortex XSIAM Discussions https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/automate-changes-to-incident-and-alerts-to-send-to-backend/m-p/1231059#M204 <P>Ok so for anyone interested.. not something that is supported it seems.. however there are ways.</P> <P>in my case, this will require a Job to be scheduled to trigger a playbook, the playbook will run the 'core-get-incidents' script that i can set on a time base for the '<SPAN class="script-arguments-task-arg-label-and-help"><SPAN class="">since_modification_tim</SPAN></SPAN>e' input say to 1 hour.. that means any change to an incident in the last hour (severity, assignment,status) will be added to the context data and this can be send to the webhook url as a payload.</P> <P>then up to the devs on the webhook end to compare the data received to that of the already existing incident in the backend and update the fields if the changes are found to have changed.</P> <P>bit of a process but the only we can get something at least. in this instance we use swimlane soar in the backend and there is no integration content pack yet for this platform..</P> <P>hope this helps</P> <P>&nbsp;</P> Thu, 05 Jun 2025 07:16:39 GMT PA_nts 2025-06-05T07:16:39Z Automate changes to Incident and Alerts to send to backend system https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/automate-changes-to-incident-and-alerts-to-send-to-backend/m-p/1230164#M198 <P>So looking at a way for when an analyst is working on an incident/case in XSIAM so that, if they add any notes, change the assignment, change severity, run commands in warroom etc - that these changes are sent automatically to a backend webhook via http post or API.</P> <P>&nbsp;</P> <P>anyone done this before or know if possible?</P> <P>thanks in adv</P> Tue, 27 May 2025 10:04:28 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/automate-changes-to-incident-and-alerts-to-send-to-backend/m-p/1230164#M198 PA_nts 2025-05-27T10:04:28Z Re: Automate changes to Incident and Alerts to send to backend system https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/automate-changes-to-incident-and-alerts-to-send-to-backend/m-p/1231059#M204 <P>Ok so for anyone interested.. not something that is supported it seems.. however there are ways.</P> <P>in my case, this will require a Job to be scheduled to trigger a playbook, the playbook will run the 'core-get-incidents' script that i can set on a time base for the '<SPAN class="script-arguments-task-arg-label-and-help"><SPAN class="">since_modification_tim</SPAN></SPAN>e' input say to 1 hour.. that means any change to an incident in the last hour (severity, assignment,status) will be added to the context data and this can be send to the webhook url as a payload.</P> <P>then up to the devs on the webhook end to compare the data received to that of the already existing incident in the backend and update the fields if the changes are found to have changed.</P> <P>bit of a process but the only we can get something at least. in this instance we use swimlane soar in the backend and there is no integration content pack yet for this platform..</P> <P>hope this helps</P> <P>&nbsp;</P> Thu, 05 Jun 2025 07:16:39 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/automate-changes-to-incident-and-alerts-to-send-to-backend/m-p/1231059#M204 PA_nts 2025-06-05T07:16:39Z