Alert side panel - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-07
Category: Administrator Guide
Abstract

The alert side panel provides detailed information about alerts at a glance and in the context of the incident.

The alert side panel provides detailed information about alerts at a glance and in the context of the incident. To open the alert side panel, click any alert on the Alerts page.

In this view, you can change the severity of an alert, star it, investigate it in the causality view, and exclude it from Analytics. The panel displays the name and description of the alert, the source that triggered the alert, and the following details where applicable:

  • General: Displays general information about the alert.

  • Behavioral analytics: Displays graphs that visualize the anomalies that were observed by the detector.

  • MITRE ATT&CK: Displays the MITRE ATT&CK tactics and techniques.

  • Host: Displays the host platform, host name, host IP address, host MAC address, and host FQDN.

  • Rule: Displays details about the alert that triggered the rule.

  • Connection details: Displays information about network connections, login, process execution, RPC calls, system calls, or registry events.

  • Cloud audit log: Displays the audit log details for alerts generated on cloud hosts.