Create an incident profile

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:2分

    • Determine the Cortex XSIAM incidents that are suitable for creating security incidents by creating an incident profile in your ServiceNow AI Platform® instance.

    始める前に

    Role required: sn_si.admin, sn_si.ingestion_profile_admin

    手順

    1. Navigate to All > Palo Alto Networks XSIAM > XSIAM Profile.
    2. Select New to create a new profile.
    3. On the form, fill in the fields.
      表 : 1. Incident Profile form
      Field Description
      Name

      Name of the profile.

      This name is also the default name for the security tag associated with this profile.
      Active

      Option to make the profile active.

      When a profile is active, the ServiceNow AI Platform® actively polls XSIAM incidents and corresponding security incidents are created in ServiceNow AI Platform® when the filtering conditions are matched.
      Source XSIAM tenant that you configured to ingest incidents. If you have multiple tenants configured, select the appropriate tenant for the incident types you are planning to ingest for the profile.
      Order Priority in which the profiles are executed when two or more profiles share triggering conditions. Priority values are provided as 100 (the default value), 200, 300, and so on.

      The profile with the lowest number has the highest priority.
      Description Optional description of the profile.

      Create an incident profile

    4. Select Continue.

      The initial incident profile is created with basic information. Saving the profile at this point enables you to continue with defining the profile in case you’re interrupted.

    5. オプション: Continue with the profile definition process immediately.
      1. Select the profile you created.
      2. Select Alert Sources in the progress bar.

    次のタスク

    Set Alert Sources