Cortex Cloud enables you to investigate suspicious user activity information using Identity Analytics. When enabled, Identity Analytics aggregates and displays user profile information, activity, and issues associated with a user-based Analytics type issue and Analytics BIOC rule.
To easily track the issues and Analytics BIOC rules, Cortex Cloud displays an Identity Analytics tag in the Issues table > Issue Name field and Analytics BIOC Rules table > Name field. In the Analytics Issue View, when selecting the User node, Cortex Cloud details the active directory group, organizational unit, role, logins, hosts, alerts, and process executions associated with the user.
To enable Identity Analytics, you must first:
Set Up Cloud Identity Engine (formally Directory Sync Services (DSS))
Activate Cortex Cloud Analytics
After configuring your Cloud Identity Engine instance and Cortex Cloud Analytics, select Settings (
) → → , and in the Featured in Analytics section, Enable Identity Analytics.