From the Cortex XDR management console, you can view a detailed summary of the behavior that triggered analytics alerts.
Notice
Requires a Cortex XDR Pro license.
The analytics alert view provides a detailed summary of the behavior that triggered an Analytics or Analytics BIOC alert. This view also provides a visual depiction of the behavior and additional information you can use to assess the alert. This includes the endpoint on which the activity was initiated, the user that performed the action, the technique the analytics engine observed, and activity and interactions with other hosts inside or outside of your network.
When Identity Analytics is enabled, alerts associated with suspicious user activity, such as stolen or misused credentials, lateral movement, credential harvesting, or brute-force data, are displayed with a User node.