Causality View - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

The Causality View provides a powerful way to analyze and respond to alerts. The scope of the Causality View is the Causality Instance (CI) to which this alert pertains. The Causality View presents the alert (generated by Cortex XDR/Cortex XSIAM or sent to Cortex XDR/Cortex XSIAM from a supported alert source such as the XDR agent) and includes the entire process execution chain that led up to the alert. On each node in the CI chain, Cortex XDR/Cortex XSIAM provides information to help you understand what happened around the alert.