https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573586#M5910 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/256101">@nsinghvirk</a>&nbsp;<BR /><BR />Alert was generated by XDR Analytics and severity was low. After approximately 24 hours ( may be a few hours more or less, I dont remember exact timing) incident was created which contains only this alert.&nbsp;<BR /><BR />Since our SOC team monitors based on incidents , these kind of latency is problem for us.</P> Fri, 19 Jan 2024 04:58:53 GMT orkhan_alibayli 2024-01-19T04:58:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573115#M5885 <P>Hi all,<BR /><BR /></P> <P>I have seen a few cases like that in recent days:</P> <P>&nbsp;</P> <P>There was an alert by name ""Failed Connections" generated by XDR Anaytics" and inside that incident there was only one alert named "Failed connections" and alert source was XDR Analytics. But problem is that, Incident created almost 24 hour&nbsp;after the alert was created.&nbsp;</P> <P>&nbsp;</P> <P>Have you experienced these type of situation before?&nbsp;</P> Tue, 16 Jan 2024 05:30:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573115#M5885 orkhan_alibayli 2024-01-16T05:30:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573477#M5904 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/323182">@orkhan_alibayli</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>In this case we need to check the severity of the alert. Because Analytic BIOC alerts with medium or above severity generate the incidents and however alerts with low severity not necessarily generate incidents.&nbsp;</P> <P>Please tell us about the severity of alert and is the 24 hour period was between actual event and incident creation or between alert generation and incident generation?&nbsp;</P> Thu, 18 Jan 2024 14:59:45 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573477#M5904 nsinghvirk 2024-01-18T14:59:45Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573586#M5910 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/256101">@nsinghvirk</a>&nbsp;<BR /><BR />Alert was generated by XDR Analytics and severity was low. After approximately 24 hours ( may be a few hours more or less, I dont remember exact timing) incident was created which contains only this alert.&nbsp;<BR /><BR />Since our SOC team monitors based on incidents , these kind of latency is problem for us.</P> Fri, 19 Jan 2024 04:58:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incident-creation-latency/m-p/573586#M5910 orkhan_alibayli 2024-01-19T04:58:53Z