https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/alerts-and-incidents/m-p/600160#M7310 <P>Hello Palo Live Community.<BR />Does anyone know what are the criteria that Cortex XDR takes into account to create an incident for a single alert? This is because I have seen that some alerts do not necessarily form an incident, but in other cases, yes. I insist, talking only about a single alert.<BR />I attach evidence.</P> Thu, 10 Oct 2024 22:47:17 GMT R.Tuyub 2024-10-10T22:47:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/alerts-and-incidents/m-p/600160#M7310 <P>Hello Palo Live Community.<BR />Does anyone know what are the criteria that Cortex XDR takes into account to create an incident for a single alert? This is because I have seen that some alerts do not necessarily form an incident, but in other cases, yes. I insist, talking only about a single alert.<BR />I attach evidence.</P> Thu, 10 Oct 2024 22:47:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/alerts-and-incidents/m-p/600160#M7310 R.Tuyub 2024-10-10T22:47:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/alerts-and-incidents/m-p/600266#M7320 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1012377633">@R.Tuyub</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>Most of the time alerts with severity as medium or above generate incidents with exception for few low severity analytics based alerts. Informational and low severity alerts do not generate incidents.</P> <P>&nbsp;</P> <P>Please c<SPAN>lick&nbsp;</SPAN><STRONG>Accept as Solution</STRONG><SPAN>&nbsp;to acknowledge that the answer to your question has been provided.</SPAN></P> <P>&nbsp;</P> Fri, 11 Oct 2024 15:29:00 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/alerts-and-incidents/m-p/600266#M7320 nsinghvirk 2024-10-11T15:29:00Z