Causality View - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product
Cortex XDR
License
Prevent
Creation date
2024-07-16
Last date published
2024-10-14
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation

The Causality View provides a powerful way to analyze and respond to alerts. The scope of the Causality View is the Causality Instance (CI) to which this alert pertains. The Causality View presents the alert (generated by Cortex XDR/Cortex XSIAM or sent to Cortex XDR/Cortex XSIAM from a supported alert source such as the XDR agent) and includes the entire process execution chain that led up to the alert. On each node in the CI chain, Cortex XDR/Cortex XSIAM provides information to help you understand what happened around the alert.