Review detailed information about a threat event, including related alerts and incidents, in the Threat Response Center.
Each threat event in the Threat Response Center has a dedicated page where you can find all the information about the threat, including related incidents and alerts. From the threat event page, you can research the threat, assess how the threat impacts your organization, and create a remediation plan. Cortex Xpanse security researchers update threat event pages as new information is discovered.
Navigate to → → .
Click anywhere in the row of the relevant threat event to open the detailed threat event page.
Review the information on this page to learn about the threat event and build a remediation plan for your organization.
Information displayed on threat event pages includes:
Summary of related alerts and the status of those alerts
Related attack surface rules and whether or not they are enabled
Active incidents by business unit and assignee, with click-throughs to the incidents page so you can begin remediation
Threat summary and exploit consequences
Links to additional sources of information about the threat
Remediation and mitigation suggestions
Affected software, including affected versions
List of the related CVEs, with links to the National Vulnerability Database
In general, when a new threat event is added to the Threat Event Center, we recommend that you monitor whether Cortex XSIAM is generating alerts on the new threat. If you see alerts for the new threat, we encourage you to remediate them.