Agent Configuration: Configuration of a particular Cortex XDR agent on a particular endpoint.
Agent Installation: Installation of the Cortex XDR agent on a particular endpoint.
Alert Exclusions: Suppression of particular alerts from Cortex XDR.
Alert Notifications: Modification of the format or timing of alerts.
Alert Rules: Modification of alert rules.
API Key: Modification of the Cortex XDR API key.
Authentication: User sessions started, along with the user name that started the session.
Broker API: Operation related to the Broker application programming interface (API).
Broker VM: Operation related to the Broker virtual machine (VM).
Dashboards: Use of particular dashboards.
Device Control Permanent Exceptions: Modification of permanent device control exceptions.
Device Control Profile: Modification of a device control profile.
Device Control Temporary Exceptions: Modification of temporary device control exceptions.
Disk Encryption Profile: Modification of a disk encryption profile.
Endpoint Administration: Management of endpoints.
Endpoint Groups: Management of endpoint groups.
Extensions Policy: Modification of extension policy settings, including host firewall and disk encryption.
Extensions Profiles: Modification of extension profile settings.
Global Exceptions: Management of global exceptions.
Host Firewall Profile: Modification of a host firewall profile.
Host Insights: Initiation of a Host Insights data collection scan (Host Inventory and Vulnerability Assessment).
Incident Management: Actions taken on incidents and on the assets, alerts, and artifacts in incidents.
Ingest Data: Import of data for immediate use or storage in a database.
Integrations: Integration operations, such as integrating Slack for outbound notifications.
Licensing: Any licensing-related operation.
Live Terminal: Remote terminal sessions created and actions taken in the file manager or task manager, along with a complete history of commands issued, their success, and the response.
Managed Threat Hunting: Activity relating to managed threat hunting.
MSSP: Management of security services providers.
Policy & Profiles: Activity related to managing policies and profiles.
Prevention Policy Rules: Modification of prevention policy rules.
Protection Policy: Modification of the protection policy.
Protection Profile: Modification of the protection profile.
Public API: Authentication activity using an associated Cortex XDR API key.
Query Center: Operations in the Query Center.
Remediation: Remediation operations.
Reporting: Any reporting activity.
Response: Remedial actions taken. For example: Isolate a host, undo host isolation, add a file hash signature to the block list, or undo the addition to the block list.
Rules: Modification of rules.
Rules Exceptions: Creation, editing, or deletion under Rules exceptions.
SaaS Collection: Any collected SaaS data.
Script Execution: Any script execution.
Starred Incidents: Modification of starred incidents.
Vulnerability Assessment: Any vulnerability assessment activity.