Triage status - Administrator Guide - Cortex XSIAM - Cortex

Triage status - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product

Cortex XSIAM

Creation date

2024-02-26

Last date published

2024-04-25

Category

Administrator Guide

Abstract

From the Actions table, you can view the search status of all the artifacts for the triage.

You can drill down to the Actions table from the status link of the triage to view the search the status of all the artifacts for the triage.

Field	Description
Endpoint name	Agent hostname.
Endpoint ID	Agent unique ID.
Action ID	Unique identifier for this agent action.
Type	Type of collection. Example: `Amcache, File Collection, Event Logs`
Path	Path for files, registry path for registry artifacts.
Status	Shows one of the following statuses of the search: Pending: agent action sent In progress: SAM not sent Results received: received SAM results Timeout: SAM timed out Ingesting: Ingestion started Uploaded: data received, but not parsed Ingested: ingestion completed Partially ingested: ingested with errors Failed: ingestion failed
Details	Shows the detailed output from the ingestion script. Example: `Ingested X of Y records`
Collected	Time the data was collected.
Download expiration	Time when bucket data (raw files) is to be deleted.
Preset	Name of the triage configuration.
Collection Type	Collection type.
Triage ID	Unique ID associated with this triage data.