Analytics issues and Analytics BIOCs - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-10
Category: Administrator Guide

The Cortex Cloud Analytics engine generates an issue when it detects suspicious activity, composed of multiple events, that deviates from the behavior baseline it establishes over time. To ensure that the Analytics detectors generate issues efficiently and do not overcrowd your Issues table, Cortex Cloud automatically disables issues from any detector that reaches 5000 or more matches over a 24-hour period.
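The auto-disable rule above is a rolling-window count, not a lifetime total: matches that age out of the trailing 24 hours stop counting, so a detector that is steadily but not explosively noisy is never disabled, while one that bursts past 5000 matches inside a single day is. The following is an added illustrative model of that behavior written for this guide; it is not Cortex Cloud code, and the detector names, timestamps (plain epoch seconds) and the `DetectorMatchGuard` class are constructed for the example.

```python
from collections import defaultdict, deque

# Documented threshold: a detector reaching 5000 or more matches inside a
# 24-hour period is auto-disabled. Timestamps here are plain seconds.
MATCH_THRESHOLD = 5000
WINDOW_SECONDS = 24 * 3600


class DetectorMatchGuard:
    """Rolling-window model of the noisy-detector guard (illustrative, not Cortex code).

    Keeps the match timestamps of each detector that still fall inside the
    trailing window and marks the detector disabled once the count reaches
    the threshold.
    """

    def __init__(self, threshold=MATCH_THRESHOLD, window_seconds=WINDOW_SECONDS):
        self.threshold = threshold
        self.window_seconds = window_seconds
        self._matches = defaultdict(deque)  # detector_id -> timestamps, oldest first
        self.disabled = set()

    def record_match(self, detector_id, ts):
        """Record one match at time ts; return True if the detector is (now) disabled."""
        if detector_id in self.disabled:
            return True
        window = self._matches[detector_id]
        window.append(ts)
        # Evict matches older than the trailing window so they no longer count.
        cutoff = ts - self.window_seconds
        while window and window[0] <= cutoff:
            window.popleft()
        if len(window) >= self.threshold:
            self.disabled.add(detector_id)
            return True
        return False

    def matches_in_window(self, detector_id):
        """Number of matches currently inside the trailing window for a detector."""
        return len(self._matches[detector_id])


def simulate(events, threshold=MATCH_THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Replay (detector_id, ts) events in time order; return the sorted ids disabled."""
    guard = DetectorMatchGuard(threshold, window_seconds)
    for detector_id, ts in sorted(events, key=lambda e: e[1]):
        guard.record_match(detector_id, ts)
    return sorted(guard.disabled)


def constructed_events():
    """Constructed feed: one bursty detector and one steady-but-slower detector."""
    events = []
    # "noisy-detector": 5000 matches spread over ~19.4 hours, all inside one 24h window.
    events += [("noisy-detector", i * 14.0) for i in range(5000)]
    # "slow-detector": 5000 matches spread over 30 hours; at most 4001 ever share a 24h window.
    events += [("slow-detector", i * 21.6) for i in range(5000)]
    return events


if __name__ == "__main__":
    print("disabled:", simulate(constructed_events()))  # ['noisy-detector']
```

Replaying the constructed feed disables only `noisy-detector`: `slow-detector` also produces 5000 matches in total, but never more than 4001 of them fall inside any single 24-hour window, so it keeps generating issues.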

In addition to standard Analytics issues, there is another category of issues generated by Analytics behavioral indicators of compromise (ABIOCs). In contrast to standard Analytics issues, ABIOCs indicate a single event of suspicious behavior with an identified chain of causality. To identify the context and chain of causality, ABIOCs leverage user, endpoint, and network profiles. Each profile is generated by the Analytics Engine and can be based on a simple statistical profile or on a more complex machine-learning profile. Cortex Cloud tailors each ABIOC to your specific environment after analyzing your logs and data sources, and it continually tunes existing ABIOCs and delivers new ones with content updates.