Incidents and alerts

Cortex Xpanse Expander User Guide

Product: Cortex XPANSE
Version: 2
Creation date: 2024-08-29
Last date published: 2024-11-12
Category: User Guide
Solution: Cloud
Abstract

Learn about workflows and playbook-driven automation for monitoring, prioritizing, investigating, and remediating incidents and alerts.

Alerts are potential security risks that Cortex Xpanse identifies on your assets and services. An incident is a collection of alerts related to a single service, or to a single asset if no service is detected. Responding to incidents is a critical part of protecting your attack surface, and Cortex Xpanse simplifies incident response by providing workflows and playbook-driven automation for monitoring, prioritizing, investigating, and remediating incidents.