no alerts no incident

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

no alerts no incident

L0 Member

Hi everyone, i have an issue. Cortex receives data from data sources (endpoints, servers etc) but i can not see alerts and incidents. My dashbord shows 0 alert and 0 incident. Who could help to me?

4 REPLIES 4

L0 Member

Did you perform an onboarding with Cortex support? Surly, you configured alerts within settings>configurations.

L2 Linker

We have the exact same kind of behavior and everything was working fine yesterday ...

could you solve ?

L3 Networker

Hi @K.Ganiyev @MartinCimone 

Thanks for your query on LC!

Do you see any alert exclusions in place that may be avoiding the alerts/Incidents to populate on the table?
Refer - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Alert-Exclu...

As a test, I would suggest running a test malware pe file on any one host with CortexXDR agent installed to check if the alerts are generated locally first so you can figure out where the issue could be(Are the agents generating alerts first of all OR do we have some issue on the reporting server?)

This discussion covers this in details, please refer- https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/wildfire-test-file/td-p/531592


Give it a like & mark as solution if this helped your query!

Best,

 

  • 144 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!