AI tools can help you through the case analysis and resolution process.
To simplify and accelerate case resolution, Cortex XDR integrates advanced generative intelligence directly into the case management lifecycle. By leveraging built-in machine learning and intelligent grouping logic, Cortex XDR shifts the focus from resolving isolated issues to a holistic approach that resolves the case as a whole:
- Intelligent case grouping: Cortex XDR automatically consolidates related issues, assets and artifacts into a single unified case that reveals the full scope of an attack.
- AI summarization: Agentic AI is integrated in the case resolution process to automatically summarize context, help you investigate entities, and suggest remediation actions.
- Guided resolution: The Resolution Center guides you to resolution with actionable tasks that are designed to remediate the entire case as a single entity, significantly accelerating the path to resolution.
Agentic AI
Cortex XDR leverages Agentic AI to collaborate on investigations and actively accelerate the entire resolution lifecycle.
| Feature | Description |
|---|---|
| AI-generated case summaries | Instantly analyzes the case’s full scope and impact and accelerates triage. |
| Agentic Assistant | The autonomous "brain" of Cortex XDR. It utilizes AI agents that plan, reason, and investigate complex threats, such as cloud identity theft or container breaches. These agents have access to case context and can create plans and perform actions such as running commands, playbooks, and scripts. The Agentic Assistant chat provides an interactive and intelligent way to simplify and streamline complex security operations. Enter a prompt using natural language, and your agent plans and executes the most relevant actions to fulfill your request. |
| Resolution Center | Provides actionable remediation tasks, recommendations, and progress tracking to guide you step-by-step to a complete resolution. With playbook task tracking across all issues and in-context links to the Workplan, you can manage tasks awaiting action, monitor work in progress, and review completed items. |