Visibility of Cortex XDR audit and authentication logs

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2025-02-11
Category
Administrator Guide
Abstract

Monitor Cortex XDR authentication and audit logs to detect attacks against Cortex XDR itself.

You can query Cortex XDR authentication logs and audit logs, and raise alerts on them, to track malicious activity aimed at the Cortex XDR tenant itself (for example, credential attacks against the console or unexpected administrative changes).

A check mark (✓) indicates support and a dash (—) indicates the feature is not supported.

Log type: Cortex XDR authentication logs

    Raw data visibility: ✓ Logs and stories are searchable in XQL Search.
    Normalized log visibility: ✓ Cortex XDR authentication logs are normalized into authentication stories, which are searchable in the Query Builder.
    Cortex XDR alert visibility: ✓ Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.

Log type: Cortex XDR audit logs

    Raw data visibility: ✓ Logs and stories are searchable in XQL Search.
    Normalized log visibility: ✓ Cortex XDR audit logs are normalized into SaaS stories, which are searchable in the Query Builder.
    Cortex XDR alert visibility: ✓ Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.
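As an added example (not code from this page or from Palo Alto Networks), the following Python shows the kind of logic a Correlation Rule over the authentication and audit logs above would implement: it flags an account whose login succeeded immediately after a burst of failures from the same source address, and escalates when that same account then performs a sensitive administrative action within a short window. The record layout, field names (`ts`, `user`, `src_ip`, `result`, `action`), action names and all sample records are constructed for illustration and are not the product's real log schema.

```python
"""Emulate a correlation rule over Cortex XDR authentication and audit logs.

Added example, not Palo Alto Networks code. The field names, action names
and records below are a hypothetical, simplified schema built for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication records (hypothetical schema).
AUTH_LOGS = [
    {"ts": "2024-03-06T09:00:01Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "failure"},
    {"ts": "2024-03-06T09:00:02Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "failure"},
    {"ts": "2024-03-06T09:00:03Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "failure"},
    {"ts": "2024-03-06T09:00:04Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "failure"},
    {"ts": "2024-03-06T09:00:05Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "failure"},
    {"ts": "2024-03-06T09:00:09Z", "user": "analyst1", "src_ip": "198.51.100.7", "result": "success"},
    # A user who mistyped a password twice: below threshold, must not alert.
    {"ts": "2024-03-06T09:10:00Z", "user": "analyst2", "src_ip": "203.0.113.5", "result": "failure"},
    {"ts": "2024-03-06T09:10:07Z", "user": "analyst2", "src_ip": "203.0.113.5", "result": "failure"},
    {"ts": "2024-03-06T09:10:15Z", "user": "analyst2", "src_ip": "203.0.113.5", "result": "success"},
]

# Constructed sample audit records (hypothetical schema and action names).
AUDIT_LOGS = [
    {"ts": "2024-03-06T09:04:30Z", "user": "analyst1", "action": "Disable Prevention Rules"},
    {"ts": "2024-03-06T09:12:00Z", "user": "analyst2", "action": "Run XQL Query"},
    {"ts": "2024-03-06T11:00:00Z", "user": "analyst1", "action": "Add User"},  # too late to correlate
]

# Hypothetical list of actions an attacker with a stolen console account would take.
SENSITIVE_ACTIONS = {"Disable Prevention Rules", "Add User", "Delete Policy", "Uninstall Agent"}


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_bruteforce_success(auth_logs, threshold=5, window=timedelta(minutes=10)):
    """Return one hit per (user, src_ip) whose successful login was preceded by
    at least `threshold` failures from the same source within `window`."""
    events = sorted(auth_logs, key=lambda r: parse_ts(r["ts"]))
    failures = defaultdict(list)  # (user, src_ip) -> timestamps of recent failures
    hits = []
    for r in events:
        key = (r["user"], r["src_ip"])
        t = parse_ts(r["ts"])
        if r["result"] == "failure":
            failures[key].append(t)
            continue
        # A success: count only failures that fall inside the look-back window.
        recent = [f for f in failures[key] if t - f <= window]
        if len(recent) >= threshold:
            hits.append({"user": r["user"], "src_ip": r["src_ip"],
                         "success_ts": t, "failures": len(recent)})
        failures[key].clear()  # reset the counter after any success
    return hits


def detect_post_compromise_change(auth_logs, audit_logs,
                                  window=timedelta(minutes=30), **kwargs):
    """Escalate a brute-force hit when the same account performs a sensitive
    audit-logged action within `window` after the suspicious success."""
    alerts = []
    for hit in detect_bruteforce_success(auth_logs, **kwargs):
        for a in audit_logs:
            if a["user"] != hit["user"] or a["action"] not in SENSITIVE_ACTIONS:
                continue
            delta = parse_ts(a["ts"]) - hit["success_ts"]
            if timedelta(0) <= delta <= window:
                alerts.append({"user": hit["user"], "src_ip": hit["src_ip"],
                               "success_ts": hit["success_ts"],
                               "action": a["action"], "action_ts": parse_ts(a["ts"])})
    return alerts


if __name__ == "__main__":
    for alert in detect_post_compromise_change(AUTH_LOGS, AUDIT_LOGS):
        print(f"ALERT: {alert['user']} from {alert['src_ip']} logged in after "
              f"repeated failures and then performed '{alert['action']}'")
```

In production the same two-stage logic would be written as an XQL query or a Correlation Rule over the normalized authentication and SaaS stories rather than in Python; the failure threshold, the look-back windows and the set of sensitive actions are tuning choices that should be adjusted to the tenant's normal administrative activity.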