topic Re: Severity in correlations in Cortex XSIAM Discussions https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/severity-in-correlations/m-p/1231738#M209 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/618763197">@LeandroKopke</a>,&nbsp;</P> <P>I'm assuming that you're already having a dedicated field for severity in your query</P> <P>such as&nbsp;</P> <P>| alter alert_severity = json_extract_scalar(_alert_data, "$.severity")</P> <P>You've already selected user defined and chose the right field&nbsp;to match an item within the dropdown list, other wise, it's gonna set to Medium by default&nbsp;</P> <P>&nbsp;</P> <P>Would you please share a sample of your query?&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AElzedy_1-1749841182151.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/68036i0F8913E825067ECD/image-size/medium?v=v2&amp;px=400" role="button" title="AElzedy_1-1749841182151.png" alt="AElzedy_1-1749841182151.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 13 Jun 2025 19:09:22 GMT A.Elzedy 2025-06-13T19:09:22Z Severity in correlations https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/severity-in-correlations/m-p/1219356#M150 <P>Hello.</P> <P>Could you help me with the severity field of the correlation?</P> <P>I need to customize the severity of the alert based on the user who triggers the query. <BR />The query is already made. When I configure the correlation to get this severity, it ignores it and sets any alert as "Medium" whereas the severities were supposed to be "high" or "informational" (this one to open an incident)</P> <P><BR />Do you know what could be happening and where the incident is inheriting this severity from?</P> Tue, 04 Feb 2025 16:27:08 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/severity-in-correlations/m-p/1219356#M150 LeandroKopke 2025-02-04T16:27:08Z Re: Severity in correlations https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/severity-in-correlations/m-p/1231738#M209 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/618763197">@LeandroKopke</a>,&nbsp;</P> <P>I'm assuming that you're already having a dedicated field for severity in your query</P> <P>such as&nbsp;</P> <P>| alter alert_severity = json_extract_scalar(_alert_data, "$.severity")</P> <P>You've already selected user defined and chose the right field&nbsp;to match an item within the dropdown list, other wise, it's gonna set to Medium by default&nbsp;</P> <P>&nbsp;</P> <P>Would you please share a sample of your query?&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AElzedy_1-1749841182151.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/68036i0F8913E825067ECD/image-size/medium?v=v2&amp;px=400" role="button" title="AElzedy_1-1749841182151.png" alt="AElzedy_1-1749841182151.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 13 Jun 2025 19:09:22 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/severity-in-correlations/m-p/1231738#M209 A.Elzedy 2025-06-13T19:09:22Z