Leverage Relationships in the Canvas - Threat Intel Management Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2023-12-12
End_of_Life
EoL
Category
Threat Intel Management Guide

Within an incident, you can use the Canvas to further explore it and see if any of the indicator relationships provide more information.

  1. Within an incident, navigate to the Canvas tab.

  2. On the Canvas, click your incident.

    The Quick View window is displayed.

  3. Navigate to the Indicators tab.

    The indicators for this incident are displayed with their current verdict. For example, benign indicators have a green background, malicious indicators have a red background, and unknown indicators have a grey background.

  4. Drag the indicators you want to further investigate on to the canvas.

  5. Hover over an indicator on the canvas and click the blue arrow icon.

    A menu with several options appears.

  6. To view the indicator’s relationships, click Expand.

    If the indicator has additional relationships, those relationships are added to the canvas.

  7. Click the indicator to view additional information about it and any possible relationships that might exist.