https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537113#M3996 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/262810">@Jeroen_Proost</a>,<BR /><BR />Thank you for writing to live community. This indeed sounds like a very broad subject. Do you think you can elaborate a bit on what you mean or what you're hoping to achieve?<BR /><BR />This can be taken in multiple different directions - <A href="about:blank" target="_self">alert tunings,&nbsp;</A><A href="http://&lt;iframe%20width=&quot;600&quot; height=&quot;338&quot; src=&quot;https://www.youtube.com/embed/4MAtHYsbl6s&quot; title=&quot;SOC Analysts - Understanding Incident Resources&quot; frameborder=&quot;0&quot; allow=&quot;accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share&quot; allowfullscreen&gt;&lt;/iframe&gt;" target="_self">incident sources</A>,&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Analytics-Concepts" target="_self">analytics detection time intervals.</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 30 Mar 2023 14:42:15 GMT mavraham 2023-03-30T14:42:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537110#M3995 <P>Hello,<BR /><BR />I know this migth not easy to answer, but I'm going to take my chance anyway.<BR />Are there any incident best practices for (each) Cortex XDR detector&nbsp;documented ? For example what a certain detector means, what the best thing is to do in this case, ...<BR /><BR />Thank you very much,<BR /><BR /></P> Thu, 30 Mar 2023 14:10:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537110#M3995 Jeroen_Proost 2023-03-30T14:10:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537113#M3996 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/262810">@Jeroen_Proost</a>,<BR /><BR />Thank you for writing to live community. This indeed sounds like a very broad subject. Do you think you can elaborate a bit on what you mean or what you're hoping to achieve?<BR /><BR />This can be taken in multiple different directions - <A href="about:blank" target="_self">alert tunings,&nbsp;</A><A href="http://&lt;iframe%20width=&quot;600&quot; height=&quot;338&quot; src=&quot;https://www.youtube.com/embed/4MAtHYsbl6s&quot; title=&quot;SOC Analysts - Understanding Incident Resources&quot; frameborder=&quot;0&quot; allow=&quot;accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share&quot; allowfullscreen&gt;&lt;/iframe&gt;" target="_self">incident sources</A>,&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Analytics-Concepts" target="_self">analytics detection time intervals.</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 30 Mar 2023 14:42:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537113#M3996 mavraham 2023-03-30T14:42:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537197#M4003 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167148">@mavraham</a>&nbsp;,<BR /><BR />Thank you very much for your reply.<BR />Indeed, maybe this is even nearly impossible or would take a very long time to document. I want to create a guideline, or maybe even an incident response plan, not only for myself but also for my colleagues just to be sure I am doing the right thing in case of an incident.<BR />I know such things should rely on experience, but at the moment, I lack of that.<BR /><BR />I want to learn, know what to do, gain experience,... I will definitely check out the links you included, thank you for that.</P> Fri, 31 Mar 2023 06:32:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537197#M4003 Jeroen_Proost 2023-03-31T06:32:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537537#M4031 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/262810">@Jeroen_Proost</a>&nbsp;</P> <P>&nbsp;</P> <P>Check out our webinars (link below and with the help of SmartScore feature (link below), this will help/guide Analyst which incident to prioritize and investigate.&nbsp;</P> <P>You can explore our journey phases in our <A href="https://live.paloaltonetworks.com/t5/cortex-xdr/ct-p/Cortex_XDR" target="_self">Live Community</A> page and select whether you have Prevent or Pro license.</P> <P><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/customer-success-webinar-cortex-xdr-soc-analysts-understanding/ta-p/488372" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/customer-success-webinar-cortex-xdr-soc-analysts-understanding/ta-p/488372</A></P> <P><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/cortex-xdr-customer-success-webinar-alert-tuning-operations/ta-p/505838" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/cortex-xdr-customer-success-webinar-alert-tuning-operations/ta-p/505838</A></P> <P><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/cortex-xdr-how-to-video-smartscore/ta-p/513374" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/cortex-xdr-how-to-video-smartscore/ta-p/513374</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 04 Apr 2023 06:06:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/537537#M4031 jcandelaria 2023-04-04T06:06:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/538218#M4075 <P>Thank you very much&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/174003">@jcandelaria</a>&nbsp; !</P> Tue, 11 Apr 2023 09:12:20 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-incident-best-practices/m-p/538218#M4075 Jeroen_Proost 2023-04-11T09:12:20Z