Investigate alerts - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Cortex XSIAM generates alerts to bring your attention to security risks in your framework.

Alerts help you monitor and control the security of your system framework by drawing your attention to security risks in it. Cortex XSIAM generates alerts from the following:

  • Rules that you set up, such as BIOC, IOC, and correlation rules

  • Agents

  • Firewalls

  • Analytics

  • Integrations

    Integrations enable you to ingest events, such as phishing emails and SIEM events, from third-party security and management vendors. You might need to configure the integrations to determine how events are classified. For example, for email integrations, you might want to classify items based on the subject field, but for SIEM events, you want to classify by event type.