topic Re: Search incidents by context value in Cortex XSOAR Discussions

Search incidents by context value

Josep — Thu, 15 Sep 2022 11:57:39 GMT

Hello,

There are incidents with a context value "content : exception"

Which query command on "Search in incidents" could find all incidents with this context value?

Re: Search incidents by context value

jfernandes1 — Fri, 16 Sep 2022 00:23:36 GMT

We do not index context items outside the incident key. If you want to filter incidents based on that data I would suggest implementing a new field.

If this is a one-time thing, you could try the FindSimilarIncidents automation. The automation searches for similar incident using indexed fields first, by using the similarIncidentFields and similarIncidentKeys parameters. After the first level of filtering, the automation then searches for incidents that have similar context keys using the similarContextKeys parameter. You can use this as a way of searching.

Re: Search incidents by context value

Josep — Fri, 16 Sep 2022 05:59:32 GMT

Thanks for the reply. I understand, search for the context of all the incidents is too much for the XSOAR. So the point is to find the similiar incidents and then look inside their context.