Search Page Results

Cortex Xpanse Expander User Guide

Product: Cortex XPANSE
Version: 2
Creation date: 2024-03-28
Last date published: 2024-04-17
Category: User Guide
Solution: Cloud

Abstract: You can search the content in the Alerts and Incidents tables.

Cortex Xpanse lets you search the content in the alert and incident tables. On the Alerts page, Cortex Xpanse searches key alert fields, including the fields for assets related to the alert, such as alert name, attack surface rule, and asset registrar information. On the Incidents page, Cortex Xpanse searches incident fields and fields for related alerts and assets.

To perform a search, navigate to the Alerts or Incidents page, enter a search term in the search bar above the table, and press Enter. Note the following search guidelines:

  • You can use search and filters together. When you use both search and filter, Cortex Xpanse processes them with an "and" operator. For example, if you search alerts for "RDP" and filter for Resolution Status = New, the search results will have New alerts that contain "RDP".

  • XQL doesn't work in the search bar.

  • The following characters are treated as delimiters:

    [ ] < > ( ) { } | ! ; , ' " * & ? + / = @ - $ % \ _ \n \r \s \t

    If you use any of these characters in a search string, Cortex Xpanse splits the string into separate search terms at each delimiter.

  • Search matches whole strings exactly, not partial strings. For example, if you search for "Micro", your search results will not include Microsoft Server. Instead, you need to search for the full word "Microsoft" to find Microsoft Server.
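
The delimiter and exact-match rules above decide what a pasted indicator (an email address, a hyphenated hostname) actually searches for. The following Python sketch is an added example, not Cortex Xpanse code: it approximates the documented rules so you can preview how a query splits. The function names and sample values are constructed, and it assumes that field values are split on the same delimiters, that \s means any whitespace, and that matching is case-sensitive, none of which the page states.

```python
import re

# Delimiter characters copied from the list on this page. "\s" in that list
# is read here as "any whitespace" (assumption), which covers \n, \r and \t.
DELIMITERS = "[]<>(){}|!;,'\"*&?+/=@-$%\\_"
_SPLIT = re.compile("[" + re.escape(DELIMITERS) + r"\s]+")


def split_terms(text):
    """Split a string into search terms at every documented delimiter."""
    return [t for t in _SPLIT.split(text) if t]


def term_matches(term, field_value):
    """Whole-term match: the term must equal one complete token of the field.

    Assumption: field values are tokenized with the same delimiters, and the
    comparison is case-sensitive (the page does not specify case handling).
    """
    return term in split_terms(field_value)


def explain(query, field_value):
    """Return {term: matched?} for each term the query splits into.

    The page does not say how several terms are combined, so each term is
    reported on its own rather than folded into one verdict.
    """
    return {t: term_matches(t, field_value) for t in split_terms(query)}


if __name__ == "__main__":
    # Constructed sample queries and field value, for illustration only.
    for q in ["Micro", "Microsoft", "admin@example.com", "rdp-gateway_01"]:
        print(f"{q!r:22} -> terms {split_terms(q)}")
    print(explain("Micro", "Microsoft Server"))
    print(explain("Microsoft", "Microsoft Server"))
```

Note that "." is not in the delimiter list, so under these rules an IP address or a bare domain stays a single term, while an email address or a hostname containing "-" or "_" becomes several.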