https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/high-medium-low-severity/m-p/556792#M5094 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203123">@Shashanksinha</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>The severity of an incident is govern by the severity of alerts in it. Incident will have the same severity as of the highest severity alert in it.</P> <P>For the alert side, severity depends on the type of alert it is. BIOC/IOC alerts will have the severity that was configured in them when those rules were created. For alerts from 3rd party integration, the severity will be same as was forwarded by the integrated product.</P> <P>You can refer to below document to see the severity of analytics alerts</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-Analytics-Alert-Reference" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-Analytics-Alert-Reference</A></P> <P>&nbsp;</P> <P>Unfortunately there is no consolidated document to show how the severity works for all kind of alerts.</P> Wed, 06 Sep 2023 16:04:53 GMT nsinghvirk 2023-09-06T16:04:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/high-medium-low-severity/m-p/556714#M5090 <P>Dear Team ,</P> <P>On what basis high ,medium and low severity alerts/incidents&nbsp; are&nbsp; classified on cortex XDR&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Shashank</P> Wed, 06 Sep 2023 09:30:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/high-medium-low-severity/m-p/556714#M5090 Shashanksinha 2023-09-06T09:30:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/high-medium-low-severity/m-p/556792#M5094 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203123">@Shashanksinha</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>The severity of an incident is govern by the severity of alerts in it. Incident will have the same severity as of the highest severity alert in it.</P> <P>For the alert side, severity depends on the type of alert it is. BIOC/IOC alerts will have the severity that was configured in them when those rules were created. For alerts from 3rd party integration, the severity will be same as was forwarded by the integrated product.</P> <P>You can refer to below document to see the severity of analytics alerts</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-Analytics-Alert-Reference" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-Analytics-Alert-Reference</A></P> <P>&nbsp;</P> <P>Unfortunately there is no consolidated document to show how the severity works for all kind of alerts.</P> Wed, 06 Sep 2023 16:04:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/high-medium-low-severity/m-p/556792#M5094 nsinghvirk 2023-09-06T16:04:53Z