12-03-2024 04:08 AM
Hi everyone, i have an issue. Cortex receives data from data sources (endpoints, servers etc) but i can not see alerts and incidents. My dashbord shows 0 alert and 0 incident. Who could help to me?
12-03-2024 08:19 AM
We have the exact same kind of behavior and everything was working fine yesterday ...
12-03-2024 10:53 PM
Hi @K.Ganiyev @MartinCimone
Thanks for your query on LC!
Do you see any alert exclusions in place that may be avoiding the alerts/Incidents to populate on the table?
Refer - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Alert-Exclu...
As a test, I would suggest running a test malware pe file on any one host with CortexXDR agent installed to check if the alerts are generated locally first so you can figure out where the issue could be(Are the agents generating alerts first of all OR do we have some issue on the reporting server?)
This discussion covers this in details, please refer- https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/wildfire-test-file/td-p/531592
Give it a like & mark as solution if this helped your query!
Best,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
