Skip to main content
All CollectionsTemplatesBasic
Fetch Incidents from Cortex XDR on a Schedule - Workflow Template
Fetch Incidents from Cortex XDR on a Schedule - Workflow Template

On a schedule, fetch new incidents from Cortex XDR using pagination.

Updated over 3 months ago

Automate threat hunting tasks by scheduling regular fetches of new incidents from Cortex XDR with Torq's workflow template. Periodically update a global variable to use as a time pointer and gather all recent incidents to stay ahead of potential threats. This workflow is designed to streamline identification and analysis phases in incident response, ensuring timely and effective security operations.

Use Cases

Threat Hunting

Workflow Breakdown

  1. Set and update a Global Variable for the time pointer if one does not already exist.

  2. Fetch and collect new incidents within the timeframe.

Vendors

Utils, Palo Alto Networks Cortex XDR, Torq

Workflow Output

A collection of Incidents.

Did this answer your question?