Cloud causality view

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-10
Category: Administrator Guide
Abstract

See the causality of a cloud-type issue—the entire process execution chain that led up to the issue in the Cortex Cloud app.

On the cloud causality view, you can analyze and respond to Cortex Cloud issues and cloud audit logs. The view shows the causality (cause and effect) of events across the entire process execution chain that led up to the issue. It presents the identity and/or IP address behind the event and the actions that the identity performed on the cloud resource. On each node in the Causality Instance (CI) chain, Cortex Cloud provides information to help you understand what happened around the event.

The following sections describe the different areas of the cloud causality view:

Includes the graphical representation of the Causality Instance (CI) along with other information and capabilities to enable you to conduct your analysis.

The view presents a single-event CI chain. The CI chain is built from Identity and Resource nodes. The Identity node represents, for example, keys, service accounts, and users, while the Resource node represents, for example, network interfaces, storage buckets, or disks. When available, the chain might also include an IP address and issue that were triggered on the Identity and Cloud Resource.

Causality data is displayed as follows:

  • Identity node: Displays the name of the identity, generated issue information, and, if available, the associated IP address.

  • IP address node: Displays the IP address associated with the Identity.

  • Operations: Lists the type of operations performed by the identity on the cloud resources. Hover over the operation to display the original operation name as provided by the cloud provider.

  • Cloud resource node: Displays the referenced resource on which the operation was performed. For more information about the cloud resource icons, see Key of cloud causality icons.

Navigation

You can move the chain, extend it, and modify it. To adjust the appearance of the CI chain, use the size controls on the right. You can also move the chain by selecting and dragging it. To return the chain to its original position and size, click the reset icon in the lower-right of the CI graph.

Summarizes information about the issue you are analyzing, including the type of Cloud Provider, Project, and Region on which the event occurred. Select View Raw Log to view the raw log as provided by the Cloud Provider in JSON format.

Displays up to 100,000 related events and up to 1,000 related issues. In the All Events table, Cortex Cloud displays detailed information about each of the related events. To simplify your investigation, Cortex Cloud scans your Cortex Cloud data, aggregates the events that have the same Identity or Resource, and displays the entry with an aggregated icon. Right-click and select Show Grouped Events to view the aggregated entries.

Entries highlighted in red indicate that the specific event created an issue. To continue the investigation from an event, right-click and select View in XQL. To continue from the Issues table, right-click an issue to see the available actions.
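The following Python example is added here for illustration and is not Cortex Cloud code or its actual algorithm. It shows the kind of grouping described above: audit events are reduced to Identity -> operations -> Resource edges, events that share the same identity and resource are aggregated, and groups containing an issue-raising event are flagged. The field names and sample records are constructed assumptions, not a cloud provider or Cortex Cloud schema.

```python
# Constructed sample audit events (not real logs). Field names are assumptions.
FIELDS = ("identity", "source_ip", "operation", "resource_type", "resource", "raised_issue")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("svc-backup", "198.51.100.7", "storage.objects.get", "bucket", "finance-archive", False),
    ("svc-backup", "198.51.100.7", "storage.objects.get", "bucket", "finance-archive", False),
    ("svc-backup", "203.0.113.45", "storage.buckets.setIamPolicy", "bucket", "finance-archive", True),
    ("alice", "192.0.2.10", "compute.instances.stop", "compute_instance", "web-01", False),
    ("svc-backup", None, "compute.disks.createSnapshot", "disk", "web-01-disk", False),
]]

def build_chain(events):
    """Aggregate events that share an identity and resource into one chain edge."""
    edges = {}
    for ev in events:
        key = (ev["identity"], ev["resource"])
        edge = edges.setdefault(key, {
            "identity": ev["identity"],
            "resource": ev["resource"],
            "resource_type": ev.get("resource_type") or "general",
            "source_ips": [],     # the IP address is optional in the chain
            "operations": {},     # operation name -> number of events
            "event_count": 0,
            "raised_issue": False,
        })
        ip = ev.get("source_ip")
        if ip and ip not in edge["source_ips"]:
            edge["source_ips"].append(ip)
        op = ev["operation"]
        edge["operations"][op] = edge["operations"].get(op, 0) + 1
        edge["event_count"] += 1
        # One issue-raising event is enough to flag the whole aggregated entry.
        edge["raised_issue"] = edge["raised_issue"] or bool(ev.get("raised_issue"))
    return list(edges.values())

def render(edges):
    """Return one text line per edge: identity (IPs) --[operations]--> resource."""
    lines = []
    for e in edges:
        ips = ",".join(e["source_ips"]) or "no IP"
        ops = ", ".join(f"{op} x{n}" for op, n in e["operations"].items())
        flag = " [ISSUE]" if e["raised_issue"] else ""
        lines.append(f'{e["identity"]} ({ips}) --[{ops}]--> '
                     f'{e["resource_type"]}:{e["resource"]}{flag}')
    return lines

if __name__ == "__main__":
    for line in render(build_chain(SAMPLE_EVENTS)):
        print(line)
```

In the sample, the first edge also shows why the IP address node matters during triage: the same identity reaches the same bucket from a second address on the event that raised the issue.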

The following table lists the cloud resource icons:

Icon                                     Type of Resource
cloud-causality-compute-instance.png     Compute instance resource
cloud-causality-disks.png                Disk resource
cloud-causality-general.png              General resource
cloud-causality-images.png               Image resource
cloud-causality-network-interface.png    Network interface resource
cloud-causality-fw.png                   Security group (FW rule) resource
cloud-causality-bucket.png               Storage bucket resource
cloud-causality-vpc.png                  Virtual private cloud (VPC) resource