Issue card - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

On the Issue card, you can see details of the selected issue and take actions on an issue.

The Issue card provides a full breakdown of an issue, helping you understand the root cause and take action through relevant evidence, remediation guidance, and response options.

The Issue card supports full case investigation by retaining the case context. Once you have finished reviewing an issue, close the card to return to the initial case investigation.

Each issue card adapts to the type of issue you’re investigating, surfacing the most relevant information and tools at every stage of the workflow. While layouts may vary, most issues share a common set of tabs designed to support triage, investigation, and resolution.

Tab

Description

Overview

Displays a description of the issue and provides key information, including:

  • Assignee

  • Status

  • Time at which the issue was created and updated

  • Suggested automations to run on the issue. Click the automation to open the Work Plan tab with details of the automation.

  • Affected Assets with links to the affected asset cards

  • Cases linked to the issue

  • If an automation rule triggered an automation (Quick Action, playbook, or agentic agent) to run on the issue, the name of the last automation to run on the issue is displayed.

  • (For issues related to Container images) Related Affected Assets displays the assets that are related to the assets listed under Affected Assets. For example, if one of the associated assets is a container image running on a VM, the VM will be listed under this section.

The Evidence section contains information to help you investigate the issue, such as the causality chain.

Note

This section is context-specific and shows data according to the issue context.

Resolution

Displays recommended remediation actions, and pending, in progress, and completed actions. For more information, see Resolution actions.

Issue Information

Displays a summary of the issue, such as issue details, indicators, and outstanding tasks. Some fields are informational and some can be edited. Includes the following sections (depending on the layout):

  • ISSUE DETAILS: A summary of the issue, such as type, severity, and when the issue occurred. You can update these fields as required.

  • COMMAND AND TASK RESULTS: Lists any manual commands and playbook task results.

  • WORK PLAN: View or take action on the following:

    • Playbook tasks: When a playbook runs, any outstanding tasks appear. You can take various actions here or in the Work Plan tab.

    • To-Do Tasks: Ad-hoc items that are not attached to the Work Plan. Create tasks for users to complete as part of an investigation. They work like a to-do list that you keep for an investigation on an ad-hoc basis, whereas the Work Plan follows a pre-defined process. You can view or create To-Do tasks.

  • NOTES: Helps you understand specific actions taken, and allows you to view conversations between analysts to see how they arrived at a certain decision. You can see the thought process behind identifying key evidence and identifying similar cases.

  • MALICIOUS OR SUSPICIOUS INDICATORS: A list of any malicious or suspicious indicators. If you have the Threat Intel add-on, you can pivot to the Indicators page, where you can take further action on the indicator.

  • INDICATORS HANDLING: Take actions on indicators from the displayed options.

Technical Information

Displays an overview of the information collected about the investigation, such as indicators, email information, URL screenshots, etc. When you run a playbook, the sections are automatically completed.

Investigation Tools

Enables you to take action on the issue, such as converting a JSON file to CSV and checking whether an IP address is in a CIDR range.

War Room

A comprehensive collection of all investigation actions, artifacts, and collaboration. It is a chronological journal of the issue investigation. Each issue has a unique War Room. For more information, see Use the War Room in an investigation.

Work Plan

A visual representation of the running playbook that is assigned to the issue. For more information, see Use the Work Plan in an investigation.