Investigate alerts - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2025-01-20
Category
Administrator Guide
Abstract

Cortex XDR generates alerts to bring your attention to security risks in your framework.

Alerts help you monitor and control the security of your system framework by bringing security risks to your attention. Cortex XDR generates alerts from the following sources:

  • Rules that you set up, such as BIOC, IOC, correlation rules, etc.

  • Agents

  • Firewalls

  • Analytics

  • Integrations

    Integrations enable you to ingest events, such as phishing emails and SIEM events, from third-party security and management vendors. You might need to configure each integration to determine how its incoming events are classified. For example, for email integrations you might want to classify items based on the subject field, whereas for SIEM events you might want to classify by event type.
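The per-integration classification the paragraph describes, as an added illustration that is not Cortex XDR's own classifier or code from this guide: email events are classified on their subject field, SIEM events on their event type, and an event that lacks the field its rules depend on falls through to a default class instead of being dropped. The sample events, the `source`/`subject`/`event_type` field names and the class labels are all constructed for this example.

```python
import re
from collections import Counter

# Constructed sample events from two hypothetical integrations (not real Cortex XDR records).
SAMPLE_EVENTS = [
    {"source": "email", "subject": "Urgent: verify your account now", "sender": "it-support@example.test"},
    {"source": "email", "subject": "Q3 budget review", "sender": "finance@example.test"},
    {"source": "siem", "event_type": "auth_failure", "host": "srv-01", "count": 57},
    {"source": "siem", "event_type": "malware_detected", "host": "wks-07"},
    {"source": "siem", "host": "wks-09"},  # missing event_type: must not crash, falls to the default
]

# Email integration: classify on the subject field (rule list is checked in order, first hit wins).
EMAIL_SUBJECT_RULES = [
    (re.compile(r"\b(verify|password|account|invoice)\b", re.IGNORECASE), "Phishing"),
]

# SIEM integration: classify on the vendor's event type (assumed label values).
SIEM_EVENT_TYPE_RULES = {
    "auth_failure": "Brute Force",
    "malware_detected": "Malware",
}

DEFAULT_CLASS = "Unclassified"


def classify(event: dict) -> str:
    """Return the class label for one ingested event, based on which integration produced it."""
    source = event.get("source")
    if source == "email":
        subject = event.get("subject", "")
        for pattern, label in EMAIL_SUBJECT_RULES:
            if pattern.search(subject):
                return label
        return DEFAULT_CLASS
    if source == "siem":
        # .get() handles a missing event_type without raising
        return SIEM_EVENT_TYPE_RULES.get(event.get("event_type"), DEFAULT_CLASS)
    # Unknown integration: keep the event visible rather than silently discarding it
    return DEFAULT_CLASS


def classify_all(events: list) -> list:
    """Classify every event in order; output aligns index-for-index with the input."""
    return [classify(e) for e in events]


def class_counts(events: list) -> dict:
    """Count events per class; a large 'Unclassified' bucket signals rules that need tuning."""
    return dict(Counter(classify_all(events)))


if __name__ == "__main__":
    for event, label in zip(SAMPLE_EVENTS, classify_all(SAMPLE_EVENTS)):
        print(f"{event['source']:6} -> {label}")
    print(class_counts(SAMPLE_EVENTS))
```

The count of `Unclassified` events is the figure worth watching after changing an integration's rules: it tells you how many ingested events your current classification does not yet cover.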