Visibility of Cortex XDR audit and authentication logs - Administrator Guide - Cortex XDR - Cortex

Visibility of Cortex XDR audit and authentication logs - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product

Cortex XDR

License

Pro

Creation date

2024-07-16

Last date published

2024-12-12

LOG TYPE	RAW DATA VISIBILITY	NORMALIZED LOG VISIBILITY	Cortex XDR ALERT VISIBILITY
Cortex XDR authentication logs	Logs and stories are searchable in XQL Search.	Cortex XDR authentication logs normalized into authentication stories, which are searchable in the Query Builder.	Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs. Note Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs.
Cortex XDR audit logs	Logs and stories are searchable in XQL Search.	Cortex XDR authentication logs are normalized into SaaS stories which are searchable in the Query Builder.	Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs. Note Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs.

Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs.

Cortex XDR audit logs

Logs and stories are searchable in XQL Search.

Cortex XDR authentication logs are normalized into SaaS stories which are searchable in the Query Builder.

Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs.

Cortex XDR can raise Cortex XDR alerts (Analytics, IOC, BIOC, and Correlation Rules) when relevant from logs.