Triage - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2024-05-06
Last date published: 2024-09-11
Category: Administrator Guide
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Triage collection gathers a wide range of artifacts that can be used to help understand the event that occurred on an endpoint.

Triage enables you to perform an in-depth analysis of a specific endpoint so that you can fully understand the activities that occurred on it. The triage functionality is configurable and supports the collection of all currently supported forensic artifacts, user-defined file paths, a full file listing for all connected drives, full event logs, and registry hives. Because the amount of data collected during a triage can be large, each triage collection is limited to ten or fewer endpoints.