Viewing ingestion and collection alerts - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-05-12
Category: Administrator Guide
Abstract

Learn more about the Data Ingestion Health page and ingestion and collection alerts.

You can view ingestion and collection alerts on the Data Ingestion Health page. Access the page from Settings → Data Ingestion Health.

The Data Ingestion Health page lists all ingestion and collection alerts in your environment.

  • Collection alerts

    Collection alerts identify API connectivity errors in collection integrations. To investigate all status changes, query the collection_auditing dataset.

  • Ingestion alerts

    Ingestion alerts identify disruption in data collection and are based on the data ingestion health metrics. For more information about this option, see Monitoring Data Ingestion Health.

    To investigate an ingestion alert further, right-click the alert and select Investigate in XQL query. The query results display related data ingestion metric entries that provide context for the alert and the events leading up to it. To refine your search, you can change the timeframe and any of the other default values.

In the Data Ingestion Health table, you can customize your view of the alerts by adding or removing filters. You can also filter the page results to narrow down your search. The following table describes the default and optional fields.