Issues identify the problems that you need to solve in your environment. Cortex Cloud creates issues when problems occur in your environment that cross defined thresholds, or surpass your organization's accepted level of risk and threat tolerance.
Each issue comprises a defined framework of:
What happened: A description of the problem
How is your environment impacted: Affected assets or the impact of this issue in your environment
Contributing evidence: Data that supports our analysis and observations
Recommended actions: Automations, playbooks, and manual suggestions
Issues are created from findings or from events that occur in your environment. When an issue is created, Cortex Cloud assesses the content of the issue and assigns it to a new or existing case. In addition, based on its content, the issue is assigned to a domain that reflects its operational use case, such as Security or Health. Using case grouping logic, Cortex Cloud then determines whether to link the issue to a case.
When you open a case, you can see all issues that are linked to the case. Review the Grouping graph to see why the issues were grouped together in the case. For more information about how issues are grouped in cases, see Case grouping.
In addition, Cortex Cloud offers the flexibility to:
Manually link and unlink issues from cases. Issues can also be linked to multiple cases. For more information, see Link or unlink issues from a case.
Mirror Cortex issues with external applications (for example, Atlassian Jira). For more information, see Issue syncing.
Create issues from custom rules that you define, such as correlation rules, malware rules, and vulnerability rules. For more information about setting up rules, see What are detection rules?