Evidence - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide


The Evidence section of the Issue Detail provides the evidence that Cortex Xpanse uses to attribute and assess the Issue, and contains the following information:

  • Review Issue Evidence

    • Evidence Type—This field indicates the specific type of evidence that underlies the Issue. There are two primary evidence types:

      - Scan Evidence—This evidence comes from Cortex Xpanse's scans of the organization's Assets.

      - Asset Evidence—This evidence comes from publicly available information, including DNS records, IP range registration records, content in certificates, and other internet registration records.

  • Service Classifications—Information about the software running on the service.

  • Associated Assets—These are the underlying Assets associated with the Issue. Click the Associated Asset title to see all information associated with that Asset.

  • Ownership Link—Clicking this link will also take you to the corresponding Asset detail page.

  • Attribution Reasons—Entries under the ownership link indicate the reason for attribution. This information is copied from the Asset information.

  • Points of Contact

    • If the Asset has a point of contact, this information is displayed.

    • To add an Asset point of contact, click the Ownership Link and scroll to Create new or add existing contacts. Assigning contacts to an Asset is critical to expedite Issue investigation and remediation.

  • Registration Information—Provides registration records for IP ranges, certificates, and domains related to the Issue.

  • Business Units—The "business unit" is the parent organization that owns the Asset. This may be your core company or one of your subsidiaries. A business unit is assigned during the network mapping process. To change the business unit assigned to a given Asset, talk to your Engagement Manager.