Research a Threat Event - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Review detailed information about a threat event, including related alerts and incidents, in the Threat Response Center.

Each threat event in the Threat Response Center has a dedicated page where you can find all the information about the threat, including related incidents and alerts. Cortex Xpanse threat event researchers update these pages as new information is discovered.

  1. Navigate to Incident ResponseThreat Response Center.

  2. Click anywhere in the row of the relevant threat event to open the detailed threat event page.

  3. Review the information on this page to learn about the threat event and build a remediation plan for your organization.

    Information displayed on threat event pages includes:

    • Summary of related of alerts and the status of those alerts

    • Related attack surface rules and whether or not they are enabled.

    • Active incidents by business unit and assignee, with click-throughs to the incidents page so you can begin remediation

    • Threat summary and exploit consequences

    • Links to additional sources of information about the threat

    • Remediation and mitigation suggestions

    • Affected software, including affected versions

    • List of the related CVEs, with links to the National Vulnerability Database


In general, when a new threat event is added to the Threat Event Center, we recommend that you monitor whether Xpanse is generating alerts on the new threat. If you see alerts for the the new threat, we encourage you to remediate them.