This answer is insufficient. The poster asked for the API endpoint that can be used to update an incident. That information is not provided anywhere in the reply. Instead, the responder refers the poster to the Cortex XSOAR API Guide which, while being quite lengthy, lacks far more helpful information than it provides. For instance, every definition example in that guide (except for numerical and boolean values, which really don't need examples) is completely useless. A better solution reply would identify the endpoint and provide a detailed example of a typical request message body that modifies an incident's required, optional, and custom fields. Bonus points for some explanations on how to avoid common "bad request" errors for that endpoint.
... View more