Case scope and impact

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract: A case's scope and impact are determined by the assigned severity, score, and domain.

The prioritization and governance of cases are determined by the case Severity, Score, and Domain. Together, these factors define the operational urgency and the investigative boundaries of a case.

  • Severity: This attribute reflects the immediate risk level. Cortex XDR sets the overall case severity to that of the most critical issue linked to the case. This ensures that high-impact threats are instantly visible to responders without being diluted by lower-level activity.

  • Score: The case score provides a quantitative measure of risk. While severity indicates the risk level of a case, the score offers a granular numerical value used for precise ranking.

  • Domain: This categorizes the case context, for example Security or Health. The domain determines the case's scope, directing it to the appropriate specialized team.

By aligning these factors, Cortex XDR automates the transition from detection to response, ensuring the most critical risks are addressed by the right experts.