Research a threat event

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Review detailed information about a threat event, including related alerts and incidents, in the Threat Response Center.

Each threat event in the Threat Response Center has a dedicated page where you can find all the information about the threat, including related incidents and alerts. From the threat event page, you can research the threat, assess how the threat impacts your organization, and create a remediation plan. Cortex Xpanse security researchers update threat event pages as new information is discovered.

  1. Navigate to Detection > Attack Surface > Threat Response Center.

  2. Click anywhere in the row of the relevant threat event to open the detailed threat event page.

  3. Review the information on this page to learn about the threat event and build a remediation plan for your organization.

    Information displayed on threat event pages includes:

    • Summary of related alerts and the status of those alerts

    • Related attack surface rules and whether or not they are enabled

    • Active incidents by business unit and assignee, with click-throughs to the incidents page so you can begin remediation

    • Threat summary and exploit consequences

    • Links to additional sources of information about the threat

    • Remediation and mitigation suggestions

    • Affected software, including affected versions

    • List of the related CVEs, with links to the National Vulnerability Database

In general, when a new threat event is added to the Threat Event Center, we recommend that you monitor whether Cortex XSIAM is generating alerts on the new threat. If you see alerts for the new threat, we encourage you to remediate them.