Review detailed information about a threat event, including related alerts and incidents, in the Threat Response Center.
Each threat event in the Threat Response Center has a dedicated page where you can find all the information about the threat, including related incidents and alerts. Cortex Xpanse threat event researchers update these pages as new information is discovered.
Navigate to → .
Click anywhere in the row of the relevant threat event to open the detailed threat event page.
Review the information on this page to learn about the threat event and build a remediation plan for your organization.
Information displayed on threat event pages includes:
Summary of related of alerts and the status of those alerts
Related attack surface rules and whether or not they are enabled.
Active incidents by business unit and assignee, with click-throughs to the incidents page so you can begin remediation
Threat summary and exploit consequences
Links to additional sources of information about the threat
Remediation and mitigation suggestions
Affected software, including affected versions
List of the related CVEs, with links to the National Vulnerability Database
 |
In general, when a new threat event is added to the Threat Event Center, we recommend that you monitor whether Xpanse is generating alerts on the new threat. If you see alerts for the the new threat, we encourage you to remediate them.