For details on cookie usage on our site, read our Privacy Policy
The difference between alerts that are included in an incident and those that are not
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
- Re: The difference between alerts that are included in an incident and those that are not
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-02-2022 11:39 PM
hello.
Please tell me about the alerts for CortexXDR.
What criteria are used to determine when an alert is included in an incident and when it is not included in an incident?
And are alerts that are not included in incidents not "threats"?
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-04-2022 06:27 PM
Let me ask one more question.
I understand that the ideal analysis is on an incident-by-incident basis, but that would mean that we would not see alerts that are not part of an incident.
Is it correct to assume that we do not see alerts that are not "threats"?
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-04-2022 08:14 PM
Hi @suzu1986 by that, you're referring to alerts that are not stitched to any incident (usually Low severity alerts). You should take a look at them too, and then tag them to a specific incident if your analysis leads towards the same.
- SLA Total Duration field in incident table in Cortex XSOAR Discussions
- Using Incident Variables Within Data Collection Web Form in Cortex XSOAR Discussions
- xSOAR - Incident Search Syntax that doenst include incidents which triggered in the last 15 minutes in Cortex XSOAR Discussions
- Cortex XDR PoC: Monitoring Malicious Chrome Extensions in Cortex XDR Discussions
- The difference between alerts that are included in an incident and those that are not in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
