Hello, beginning on or about 20 July, began to see MANY more Incidents created in Cortex XDR that looked similar to this:

Incident Description: 'Threat ID #' generated by PAN NGFW detected on host <hostName> involving xyz\UserName (note, there is NOTHING after the "#" sign)
Incident Sources: PAN NGFW

When looking at the Alert that caused this Cortex Incident, what you see is:

Category: "URL Filtering"
Alert Name: "Threat ID #"

I should note that I believe BEFORE this apparent change or bug, within Cortex XDR Alerts page we would see something like this:

Category: "URL Filtering (10082)"
Alert Name: "Threat ID #9999"

Are others noticing this too? Is this the desired / expected behavior of Cortex XDR? It seems like there has been a CHANGE in the way Cortex presents these Alerts and Incidents. Is there knowledge and expectations it's operating this way?

See attached screenshots.