https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-alerts/m-p/526632#M3370 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/242705">@YilmazDincer</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>In the alerts table, we have couple of columns &nbsp;besides alert sources, which shows in details the categories and modules through which alerts are generated. This works best in case of XDR agent based alerts. The two columns are “Category” and “Module”.</P> <P>&nbsp;</P> <P>Try viewing these two column and later use these as filter and you should be able to segregate alerts on basis of your requirements of category and modules of alerts as well.</P> <P>&nbsp;</P> <P>Hope this helps!&nbsp;<BR /><BR /></P> <P>please mark this response as “Accept as Solution” if it resolves your query.</P> Wed, 11 Jan 2023 11:16:55 GMT neelrohit 2023-01-11T11:16:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-alerts/m-p/526626#M3369 <P>I want to process the alarms received by XDR. To do this, I first need to separate the incoming alarms according to their class. If I separate them according to source, I should examine them in 4 classes as "XDR IOC, XDR BIOC, XDR Agents, XDR Analytics". Does this cover them all?</P> <P>And is there a source that shows the alarms brought by "XDR Agents" (for example Wildfire )?</P> Wed, 11 Jan 2023 09:33:22 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-alerts/m-p/526626#M3369 YilmazDincer 2023-01-11T09:33:22Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-alerts/m-p/526632#M3370 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/242705">@YilmazDincer</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>In the alerts table, we have couple of columns &nbsp;besides alert sources, which shows in details the categories and modules through which alerts are generated. This works best in case of XDR agent based alerts. The two columns are “Category” and “Module”.</P> <P>&nbsp;</P> <P>Try viewing these two column and later use these as filter and you should be able to segregate alerts on basis of your requirements of category and modules of alerts as well.</P> <P>&nbsp;</P> <P>Hope this helps!&nbsp;<BR /><BR /></P> <P>please mark this response as “Accept as Solution” if it resolves your query.</P> Wed, 11 Jan 2023 11:16:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-alerts/m-p/526632#M3370 neelrohit 2023-01-11T11:16:55Z