Skip to main content
Question

Custom Case Close Reason

  • November 21, 2025
  • 1 reply
  • 24 views
Dominik_Albrink
Forum|alt.badge.img+1

Hello,

we want to consolidate the Reason & Root Causes for closing Incidents for our complete Security Stack (XDR, SIEM, SOAR, ITSM…)

In order to do so we’ve created a custom List with new Reasons and Root Causes which I need to implement in SOAR.
As far as I can see I can edit and remove Root Causes in the SOAR settings but is it possible to have my own Reasons besides Malicious, Not Malicious….. integrated into SOAR for an Analysts or PB to choose from - except from custom fields which would create an additional field? 
 


Best regards

Dominik

1 reply

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • November 21, 2025

You would need to use the Custom Fields here. There is not a way to edit the reason at this time.

kentphelps
SoarAndy
Dominik_Albrink
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.