Monitor Cortex XDR authentication and audit logs to detect attacks on Cortex XDR itself.
You can audit and query Cortex XDR authentication logs and activity (audit) logs to track malicious activity against the Cortex XDR tenant and to trigger alerts on it.
A check mark (✓) indicates support and a dash (—) indicates the feature is not supported.
LOG TYPE | RAW DATA VISIBILITY | NORMALIZED LOG VISIBILITY | Cortex XDR ALERT VISIBILITY
---|---|---|---
Cortex XDR authentication logs | Logs and stories are searchable in XQL Search. | Cortex XDR authentication logs are normalized into authentication stories, which are searchable in the Query Builder. | Cortex XDR can raise alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.
Cortex XDR audit logs | Logs and stories are searchable in XQL Search. | Cortex XDR audit logs are normalized into SaaS stories, which are searchable in the Query Builder. | Cortex XDR can raise alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.
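As an added example (not taken from the Cortex XDR documentation), the following XQL query runs over the normalized authentication stories described above and surfaces source addresses that produce many failed logins, or spray attempts across several accounts, within one hour. The field names auth_outcome, auth_identity and auth_client_ip and the outcome value "FAILURE" are assumptions about the authentication_story preset's schema; confirm them against the field list shown in the Query Builder before relying on the query.

```xql
// Added example, not from the Cortex XDR documentation.
// Assumptions: the authentication_story preset exposes auth_outcome,
// auth_identity and auth_client_ip, and a failed login is recorded
// with auth_outcome = "FAILURE".
config case_sensitive = false timeframe = 24h
| preset = authentication_story
| filter auth_outcome = "FAILURE"
// Group the failures into one-hour buckets per source address.
| bin _time span = 1h
| comp count() as failures, count_distinct(auth_identity) as targeted_accounts by auth_client_ip, _time
// Flag a burst of failures from one source, or one source touching many accounts.
| filter failures >= 20 or targeted_accounts >= 5
| sort desc failures
```

Saved as a Correlation Rule, the same query raises a Cortex XDR alert instead of only returning rows in XQL Search, which is the alert path the table above refers to.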