Cortex XSIAM generates alerts to bring your attention to security risks in your framework.
Alerts help you monitor and control the security of your system framework by notifying you of security risks in it. Cortex XSIAM generates alerts from the following:
Rules that you set up, such as BIOC, IOC, and correlation rules
Agents
Firewalls
Analytics
Integrations
Integrations enable you to ingest events, such as phishing emails and SIEM events, from third-party security and management vendors. You might need to configure the integrations to determine how events are classified. For example, for email integrations, you might want to classify items based on the subject field, but for SIEM events, you might want to classify by event type.