Identity Analytics - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide

Cortex XDR enables you to investigate suspicious user activity using Identity Analytics. When enabled, Identity Analytics aggregates and displays user profile information, activity, and alerts associated with a user-based Analytics type alert and Analytics BIOC rule.

To easily track the alerts and Analytics BIOC rules, Cortex XDR displays an Identity Analytics tag in the Alerts table > Alert Name field and Analytics BIOC Rules table > Name field. In the Analytics Alert View, when you select the User node, Cortex XDR details the Active Directory group, organizational unit, role, logins, hosts, alerts, and process executions associated with the user.

To enable Identity Analytics, you must first:

  • Set Up Cloud Identity Engine (formerly Directory Sync Services (DSS))

  • Activate Cortex XDR Analytics

After configuring your Cloud Identity Engine instance and Cortex XDR Analytics, select Settings > Configurations > Cortex XDR - Analytics, and in the Featured in Analytics section, Enable Identity Analytics.