Cortex Copilot is an AI-powered tool designed to streamline processes by simplifying incident triaging, investigation, and remediation. It enables you to seamlessly uncover new insights on hashes, hosts, and more. You can get tailored suggestions, access the Help Center, and run actions in natural language from anywhere without losing context.
Notice
Cortex Copilot requires XSIAM Enterprise or Enterprise Plus license.
Cortex Copilot is an innovative AI tool specifically developed to streamline various processes, including incident triaging, investigation, and remediation. By utilizing Cortex Copilot, you can uncover valuable insights on a wide range of entities such as hashes, hosts, and more. Its primary objective is to simplify these tasks, allowing for a more efficient workflow and enhanced productivity.
One of the key features of Cortex Copilot is its ability to provide personalized suggestions based on your specific needs and context. This helps you find the most relevant information and solutions quickly and effortlessly. Cortex Copilot offers easy access to the Help Center, ensuring that users have comprehensive guidance and support readily available.
Cortex Copilot allows users to execute commands using natural language from anywhere within the interface. This means that users can interact with the tool seamlessly, without losing their train of thought or context.
Access Cortex Copilot
Cortex Copilot is conveniently accessible from the main menu in the left pane, ensuring easy navigation and usage. Alternatively, you can right-click on specific entities, such as an asset name or IP address, and select Open in Copilot to immediately open the Cortex Copilot with a focus on that entity.
To increase usability, you can create a personalized keyboard shortcut: → → → and choose the shortcut you want to use. You can use this shortcut anytime, from anywhere within Cortex XSIAM, to instantly open Cortex Copilot. If you highlight an entity and open Cortex Copilot with the keyboard shortcut, it will open with a focus on that entity.
Cortex Copilot welcome screen
When you access Cortex Copilot, the welcome screen greets you with an informative overview of the past 24 hours in your Cortex XSIAM environment. This overview provides valuable insights at a glance, including the number of incidents resolved automatically, the count of triggered playbooks, the average incident score, and details about data ingestion from various sources.
What can Cortex Copilot do for you?
Ask a question and click Ask the Help Center. Cortex Copilot provides you with a summary of relevant documentation articles as well as a list of reference links to find in-depth information quickly.
Use Cortex Copilot as a navigation tool to search for information, perform common investigation tasks, or initiate response actions.
Perform investigations of entities such as hashes, hosts, domains, IP addresses, and users, using advanced XQL queries and activate tailored responses.
Responsible AI
Cortex Copilot is developed in accordance with responsible AI principles. Customer data is not used to train the AI models, and your data is private and secure. For added security, user prompts are processed within the tenant's region. For more information about regional support in Cortex Copilot, see regional support. Safety and security measures include user confirmation for write actions and adherence to RBAC permissions. At the same time, explainability is maintained by providing the logic behind answers and offering a feedback option for user opinions. If you choose, you can disable the Cortex Copilot functionality.