The Cortex XDR Analytics Alert Reference provides a description of every Cortex XDR Analytics Alert. Use this reference to understand what an alert means and what you should do about it.
The Analytics alerts that Cortex XDR can raise depend on the data sources you integrate with Cortex XDR. For example, if the Cortex XDR agent is your only data source, the app raises only the alerts it can detect from agent endpoint data. Some alerts can also require a combination of data sources before they are raised. Additionally, you can improve the accuracy of some Analytics alerts by adding more data sources. For more information about the data sources you must configure to trigger alerts, see the Cortex XDR Administrator Guide or the Cortex XSIAM Administrator Guide.