Review the list of threat events

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-12-04
Category: Administrator Guide

Abstract

Review a curated list of zero-day exploits and global threat events in the Threat Response Center.

Navigate to Detection → Attack Surface → Threat Response Center to view the Threat Response Center, which provides a complete list of threat events and links to related alerts. The list is sorted by the Last Updated date.

For each event in the list, Cortex XSIAM displays the following information, enabling you to quickly identify which events are the highest priority for your organization.

  • CVSS Score—This is the highest CVSS score of the CVEs associated with the event.

  • Threat Name and Brief Description

  • Active Alerts—Number of your organization's active alerts related to this event.

  • CVEs—Number of CVEs related to this event.

  • Affected Software—Names of the software affected by this event. The threat event details page lists the affected versions.

  • Last Updated date


At the top of the Threat Response Center page is a set of widgets that present a graphical view of the number of alerts related to threat events in the Threat Response Center. You can change the timeframe for each widget by clicking the options icon. The percentage shown indicates the increase or decrease over the specified period of time. The total count (in blue) represents the most recent count, which is the count at the end of whichever time period is displayed.

You cannot generate a report directly from the Threat Response Center, but the alert widgets at the top of the Threat Response Center page are available for customer report generation in the Widget Library. To find the Widget Library, navigate to Dashboards → Widget Library in the main menu on the left.