04-23-2025 08:06 AM
Hello team!
I would like to know if there is an option for mass closure of incidents in XSIAM.
I have the following scenario of 2000 open incidents and I would like to perform mass closure of these open cases. Is there any way to do this?
06-05-2025 01:57 PM
This is the XSOAR forum, please repost this in the XSIAM board: https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/bd-p/Cortex-XSIAM-Discussions
06-25-2025 04:30 AM
Even though this is the wrong forum here is a solution you can resolve a large amount of case in bulk using the External API for the XSIAM.
Take note that the docs still use the terms 'Incident' and 'Alerts' but this works for cases and issues.
Make a script that gets all the incidents you want, extract the ID's into a list and then
for i in inc_id:
Update Alert:
status: resolved
Many thanks,
MichaelSysec242
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
