03-30-2023 07:10 AM
I know this might not be easy to answer, but I'm going to take my chance anyway.
Are there any incident best practices for (each) Cortex XDR detector documented? For example, what a certain detector means, what the best thing is to do in this case, ...
Thank you very much,
03-30-2023 07:42 AM
Thank you for writing to live community. This indeed sounds like a very broad subject. Do you think you can elaborate a bit on what you mean or what you're hoping to achieve?
This can be taken in multiple different directions - alert tunings, incident sources, analytics detection time intervals.
03-30-2023 11:32 PM
Hello @mavraham ,
Thank you very much for your reply.
Indeed, maybe this is even nearly impossible or would take a very long time to document. I want to create a guideline, or maybe even an incident response plan, not only for myself but also for my colleagues just to be sure I am doing the right thing in case of an incident.
I know such things should rely on experience, but at the moment, I lack that.
I want to learn, know what to do, gain experience,... I will definitely check out the links you included, thank you for that.
04-03-2023 11:06 PM
Check out our webinars (link below), and with the help of the SmartScore feature (link below), this will help guide analysts on which incidents to prioritize and investigate.
You can explore our journey phases in our Live Community page and select whether you have Prevent or Pro license.