Fetch Incidents from Cortex XDR on a Schedule - Workflow Template

On a schedule, fetch new incidents from Cortex XDR using pagination.

Updated over 2 months ago

Automate threat hunting tasks by scheduling regular fetches of new incidents from Cortex XDR with Torq's workflow template. Periodically update a global variable to use as a time pointer and gather all recent incidents to stay ahead of potential threats. This workflow is designed to streamline identification and analysis phases in incident response, ensuring timely and effective security operations.

Use Cases

Threat Hunting

Workflow Breakdown

  1. Set and update a Global Variable for the time pointer if one does not already exist.

  2. Fetch and collect new incidents within the timeframe.
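The two steps above, sketched in Python as an added example; this is not Torq's template code. The request body follows the shape of Cortex XDR's get_incidents call as an assumption, and `post`, `make_fake_xdr` and the sample incidents are hypothetical stand-ins so the sketch runs offline.

```python
PAGE_SIZE = 100  # assumption: incidents requested per page

def build_request(pointer_ms, offset, page_size=PAGE_SIZE):
    """Body shaped like a Cortex XDR get_incidents request (assumed shape)."""
    return {"request_data": {
        "filters": [{"field": "creation_time", "operator": "gte", "value": pointer_ms}],
        "search_from": offset,
        "search_to": offset + page_size,
        "sort": {"field": "creation_time", "keyword": "asc"},
    }}

def fetch_new_incidents(post, pointer_ms, page_size=PAGE_SIZE):
    """Page through incidents created at or after pointer_ms.

    `post` is a hypothetical callable: it sends the body and returns that
    page's list of incidents. Returns (incidents, new_pointer_ms).
    """
    incidents, offset = [], 0
    while True:
        page = post(build_request(pointer_ms, offset, page_size))
        incidents.extend(page)
        if len(page) < page_size:   # a short page means the result set is exhausted
            break
        offset += page_size
    if not incidents:
        return [], pointer_ms       # nothing new: leave the time pointer alone
    # The pointer moves only after every page was read; a failed request
    # raises before this line, so the next scheduled run retries the same window.
    return incidents, max(i["creation_time"] for i in incidents) + 1

def make_fake_xdr(store):
    """Constructed in-memory stand-in for the API."""
    def post(body):
        rd = body["request_data"]
        since = rd["filters"][0]["value"]
        rows = sorted((i for i in store if i["creation_time"] >= since),
                      key=lambda i: i["creation_time"])
        return rows[rd["search_from"]:rd["search_to"]]
    return post

if __name__ == "__main__":
    # Constructed sample data: 250 incidents, one per second.
    store = [{"incident_id": str(n), "creation_time": 1_700_000_000_000 + n * 1000}
             for n in range(250)]
    got, pointer = fetch_new_incidents(make_fake_xdr(store), 1_700_000_000_000)
    print(len(got), pointer)
```

Advancing the pointer to one millisecond past the newest incident avoids re-fetching it; if incidents can arrive late with an older creation time, keep the pointer at the newest timestamp and de-duplicate on `incident_id` instead.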

Vendors

Utils, Palo Alto Networks Cortex XDR, Torq

Workflow Output

A collection of Incidents.
