This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Using Hash View, but no Incidents are shown related when they should

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Using Hash View, but no Incidents are shown related when they should

Go to solution
KRisselada
L2 Linker

‎07-17-2020 12:05 PM

Hello LIVEcommunity, 

I am wondering if anyone else is using Hash View in Cortex XDR and finding that even if a Key Artifacts of a Incident lists a hash, when you view that detail in Hash View (right click on the artifact, bring up the Hash View screen) the area where one might think there would reflect a "Related Incident" is blank?

KRisselada_0-1595012463964.png

KRisselada_1-1595012581537.png

I have opened a Support case to report what seems to be a bug, but wondered if others had seen this also.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
KRisselada
L2 Linker
In response to KRisselada

‎07-22-2020 11:35 AM

Received update on the Support case I opened and Support team had escalated to Engineering, the answer back was:

Per Engineering - The reason why the customer does not see the incident in Hash, because we are filtering and show only open incident (new/under investigation).
It is expected behavior.

So at least this is now answered.
I also asked to have a Enduser Enhancement request put in that would more clearly indicate that this Filtering is taking place on this Hash View page and if possible, even expose the ability to apply a DIFFERENT filter  than the one that is being "invisibly" applied currently.

View solution in original post

2 REPLIES 2

Go to solution
KRisselada
L2 Linker

‎07-21-2020 03:24 PM

just a quick update to this discussion.  I spoke with support and this bounced a bit around support but ended up in " Endpoint Security Support" team.  They setup a quick zoom call to confirm (and also record what was being seen)
And have since escalated the question and discussion to Engineering, via a Engineering Escalation.
Will update once have additional info.

Interested if others within the LIVEcommunity also see this behavior in their Cortex instance

0 Likes Likes

Go to solution
KRisselada
L2 Linker
In response to KRisselada

‎07-22-2020 11:35 AM

Received update on the Support case I opened and Support team had escalated to Engineering, the answer back was:

Per Engineering - The reason why the customer does not see the incident in Hash, because we are filtering and show only open incident (new/under investigation).
It is expected behavior.

So at least this is now answered.
I also asked to have a Enduser Enhancement request put in that would more clearly indicate that this Filtering is taking place on this Hash View page and if possible, even expose the ability to apply a DIFFERENT filter  than the one that is being "invisibly" applied currently.

  • 1 accepted solution
  • 3777 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks