Learn more about analyzing issues in the issue card, and the causality view.
To help you understand the full context of an issue, Cortex XSIAM provides the issue card and the causality view to help you to quickly make a thorough analysis of the issue.
The causality view is available for XDR agent issue that are based on endpoint data and for issues raised on network traffic logs that have been stitched with endpoint data. In addition, you can use the cloud causality view to analyze cloud Cortex XSIAM issues and cloud audit logs. While the SaaS causality view enables you to analyze and investigate software-as-a-service (SaaS) related issues for audit stories, such as Office 365 audit logs and normalized logs.
From the Issues table, click in issue to open the issue card, or right-click an issue and select and select Investigate Causality Chain.
Review the chain of execution and available data for the process and, if available, navigate through the process tree.