Context data - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Use context data to assist with the investigation and remediation process.

Context data is a map (dictionary) that stores structured data related to an alert, including alert fields and automations data. You can use context data to pass data between playbook tasks, and create scripts that map data into incident and alert fields.