04-06-2021 09:29 AM
Hi @RichardChou,
The protection rule database is not publicly accessible at this time. To get information regarding the rules, why they were triggered, and recommendations on the next steps, please open a support case. They will likely need the Alert data to perform further analysis as well. That can be collected using the following instructions.
Steps to collect Alert Data from Cortex XDR Console:
1. Go to the Alerts table.
2. Right-click on your target alert.
3. Select "Retrieve Additional Data," then "Retrieve alert data."
4. Navigate to Response > Action Center.
5. Locate the alert data retrieval job that you created.
6. Right-click on your target job.
7. Select "Additional Data."
8. Right-click on the resulting action.
9. Select "Download Files."