09-06-2023 02:30 AM
Dear Team,
On what basis are high, medium and low severity alerts/incidents classified on Cortex XDR?
Regards,
Shashank
09-06-2023 09:04 AM
Hello @Shashanksinha
Thanks for reaching out on Live Community!
The severity of an incident is governed by the severity of the alerts in it. An incident will have the same severity as the highest-severity alert it contains.
On the alert side, severity depends on the type of alert. BIOC/IOC alerts will have the severity that was configured in them when those rules were created. For alerts from a 3rd-party integration, the severity will be the same as was forwarded by the integrated product.
You can refer to the document below to see the severity of analytics alerts:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-Analytics-Alert-Reference
Unfortunately there is no consolidated document showing how severity works for all kinds of alerts.
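The rule in the reply above, modelled as a small added example (this is not Cortex XDR code and not from the poster): each alert's severity is resolved according to its source (the severity configured on a BIOC/IOC rule, the severity forwarded by a 3rd-party product, or a lookup for analytics alerts), and the incident takes the highest of them. The `ANALYTICS_REFERENCE` table, the source labels, the rank table (the thread names only high, medium and low) and the sample alerts are all constructed for this example; in a real tenant the analytics severities come from the reference document linked above.

```python
"""Worked model of the severity rule described in the reply above.

Added example, not Cortex XDR code. It shows "an incident inherits the
severity of its highest-severity alert" plus the per-source rules for
alert severity. Source labels, the analytics reference table and the
sample alerts are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Ordering used to compare severities. The thread names only high, medium
# and low; extend this table if your tenant uses additional levels.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed stand-in for the analytics alert reference document: each
# analytics alert type has a fixed severity looked up by name.
ANALYTICS_REFERENCE = {
    "Unusual process accessing LSASS": "high",
    "Rare process execution by user": "low",
}


@dataclass
class Alert:
    name: str
    source: str  # "bioc", "ioc", "analytics" or "third_party" (assumed labels)
    # Severity configured on the BIOC/IOC rule, or forwarded by the
    # integrated product; None for analytics alerts (looked up instead).
    severity: Optional[str] = None


def alert_severity(alert: Alert) -> str:
    """Resolve one alert's severity according to its source."""
    source = alert.source.lower()
    if source in ("bioc", "ioc"):
        # BIOC/IOC alerts carry the severity set when the rule was created.
        sev = alert.severity
    elif source == "third_party":
        # Alerts from integrations keep the severity the product forwarded.
        sev = alert.severity
    elif source == "analytics":
        # Analytics alerts have a fixed severity per alert type.
        sev = ANALYTICS_REFERENCE.get(alert.name)
        if sev is None:
            raise KeyError(f"no reference severity for analytics alert {alert.name!r}")
    else:
        raise ValueError(f"unknown alert source {alert.source!r}")
    if sev is None:
        raise ValueError(f"alert {alert.name!r} has no severity")
    sev = sev.lower()  # normalise "High" / "high" from different products
    if sev not in SEVERITY_RANK:
        raise ValueError(f"unrecognised severity {sev!r} on alert {alert.name!r}")
    return sev


def incident_severity(alerts: Iterable[Alert]) -> str:
    """An incident takes the severity of its highest-severity alert."""
    alerts = list(alerts)
    if not alerts:
        raise ValueError("an incident must contain at least one alert")
    return max((alert_severity(a) for a in alerts), key=SEVERITY_RANK.__getitem__)


# Constructed sample incident: a low analytics alert, a medium IOC hit and a
# high 3rd-party alert, so the incident as a whole is high.
SAMPLE_INCIDENT = [
    Alert("Rare process execution by user", "analytics"),
    Alert("Known-bad hash on endpoint", "ioc", "medium"),
    Alert("Firewall threat log: C2 beacon", "third_party", "High"),
]

if __name__ == "__main__":
    for a in SAMPLE_INCIDENT:
        print(f"{a.name}: {alert_severity(a)}")
    print("incident severity:", incident_severity(SAMPLE_INCIDENT))
```

Note that because the incident simply takes the maximum, a single over-rated alert from a 3rd-party integration is enough to raise the whole incident to high; if an integration forwards inflated severities, that is where to tune them, not in Cortex XDR.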