Investigate artifacts and assets - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

You can investigate specific artifacts and assets on dedicated views related to IP address, Network Assets, and File and Process Hash information.

From the Incidents view, open the Key Assets & Artifact tab to see the assets and artifacts that are associated with the incident, including hosts, IP addresses, and users. Icons represent properties of the artifacts and assets. Hover over an icon for more information. Click the more options icon to drill down in dedicated views, or take actions on the asset or artifact. The Key Assets & Artifact tab shows the following information:

  • Artifacts

    To aid you with threat investigation, Cortex XDR displays the WildFire-issued verdict for each key artifact in an incident. To provide additional verification sources, you can integrate external threat intelligence services with Cortex XDR. For more information, see External integrations.

  • Assets

    Displays Hosts and Users details. For hosts with a Cortex XDR agent installed, click on the host name to see more information in the Details panel.