Manage Alerts

You can manage Cortex XDR alerts and view alert details from the Alerts page.
From the Alerts page, you can manage the alerts you see and the information Cortex XDR displays about each alert.

Copy Alerts

There are two ways to copy alert information to the clipboard: copy the URL of the alert record, or copy the value of a single alert field. Either can be pasted into an email or chat message, which is useful when you need to share or discuss a specific alert with someone. A copied field value can also be pasted into a search or used to start a query. Note that the URL points to the record in your own Cortex XDR tenant, so the recipient needs console access to open it, and field values such as hostnames, usernames, and file paths are often sensitive; treat them accordingly when sharing outside the team.
  • Copy the URL of an alert record:
    1. From the Alerts page, right-click the alert you want to share.
    2. Select Copy alert URL.
       Cortex XDR copies the URL to the clipboard.
    3. Paste the URL into an email or use it as needed to share the alert.
  • Copy a field value from an alert record:
    1. From the Alerts page, right-click the field in the alert that you want to copy.
    2. Select Copy.
       Cortex XDR copies the field contents to the clipboard.
    3. Paste the value into an email, a search, or a query as needed.

Analyze an Alert

To show the full context of an alert, Cortex XDR provides an analysis view that lets you trace what led to the alert and what happened around it.
The Causality View is available for XDR agent alerts that are based on endpoint data, and for alerts raised on network traffic logs that have been stitched with endpoint data. Alerts without endpoint context have no process chain to display.
To view the analysis:
  1. From the Alerts page, locate the alert you want to analyze.
  2. Right-click anywhere in the alert and select Analyze.
     Cortex XDR opens the alert in the Causality View.
  3. Review the chain of execution and the available data for the process and, if available, navigate through the process tree.

Create Profile Exceptions

You can create exceptions for Windows process, Behavioral Threat Protection (BTP), and Java deserialization alerts directly from the Alerts table.
  1. Right-click an alert with source XDR Agent and category Exploit, and select Create alert exception.
     Cortex XDR opens a Create Alert Exception window detailing the exception parameters.
  2. Select an Exception Scope:
     • Global - Applies the exception across your organization. Because a global exception suppresses the alert on every endpoint, prefer a profile-scoped exception unless the behavior is expected everywhere.
     • Profile - Select an existing profile, or click and enter a Profile Name to create a new profile.
  3. Click Add.
  4. (Optional) View your profile exceptions.
     1. Navigate to Endpoints > Policy Management > Profiles.
     2. In the Profiles table, locate the OS for which you created the global or profile exception, and right-click it to view or edit the exception properties.

Retrieve Alert Details

To access additional information about an alert:
  1. From the Alerts page, locate the alert for which you want to retrieve information.
  2. Right-click anywhere in the alert and select one of the following options:
     • Retrieve alert data
     • Retrieve related files
     • View full endpoint details
  3. Navigate to Response > Action Center to view the retrieval status.
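The steps above retrieve alert artifacts through the console and track them in the Action Center. When a script needs the alert record itself (for example, to enrich a ticket with the alert's severity, source, category, and host), the same information is available from the Cortex XDR public API. The following Python is an added example, not code from this page or from Palo Alto Networks: it assumes the public API's get_alerts_multi endpoint with an alert_id_list filter and the advanced-API-key header scheme (a SHA-256 of key + nonce + timestamp sent instead of the key), as documented for the public API. The tenant host name, key ID, and the sample reply are constructed placeholders; only fetch_alerts() touches the network.

```python
import hashlib
import json
import secrets
import string
import time
from typing import Any, Dict, List, Optional
from urllib import request

# Constructed placeholders: replace with your tenant's API FQDN and key.
FQDN = "api-example.xdr.us.paloaltonetworks.com"  # hypothetical tenant API host
API_KEY_ID = "7"                                   # hypothetical key ID
API_KEY = "REPLACE_WITH_ADVANCED_API_KEY"


def build_auth_headers(api_key: str, api_key_id: str,
                       nonce: Optional[str] = None,
                       timestamp_ms: Optional[int] = None) -> Dict[str, str]:
    """Headers for an *advanced* Cortex XDR API key (assumed documented scheme).

    The key itself never leaves the client; the request carries
    SHA-256(api_key + nonce + timestamp), so a captured request reveals
    neither the key nor a reusable credential. nonce and timestamp can be
    injected so the scheme can be tested deterministically.
    """
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000
    auth_key = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": hashlib.sha256(auth_key).hexdigest(),
        "Content-Type": "application/json",
    }


def build_get_alerts_request(alert_ids: List[str]) -> Dict[str, Any]:
    """Request body for get_alerts_multi restricted to the given alert IDs."""
    return {
        "request_data": {
            "filters": [
                {"field": "alert_id_list", "operator": "in", "value": alert_ids}
            ],
            "search_from": 0,
            "search_to": len(alert_ids),
        }
    }


def summarize_alerts(reply: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Reduce an API reply to the fields an analyst typically shares."""
    summary = []
    for alert in reply.get("reply", {}).get("alerts", []):
        summary.append({
            "alert_id": str(alert.get("alert_id")),
            "severity": alert.get("severity"),
            "source": alert.get("source"),
            "category": alert.get("category"),
            "host": alert.get("host_name"),
            "name": alert.get("name"),
        })
    return summary


def fetch_alerts(alert_ids: List[str]) -> List[Dict[str, Any]]:
    """Live lookup: requires network access and a real advanced API key."""
    url = f"https://{FQDN}/public_api/v1/alerts/get_alerts_multi/"
    body = json.dumps(build_get_alerts_request(alert_ids)).encode("utf-8")
    req = request.Request(url, data=body, method="POST",
                          headers=build_auth_headers(API_KEY, API_KEY_ID))
    with request.urlopen(req, timeout=30) as resp:
        return summarize_alerts(json.load(resp))


# Constructed sample reply, shaped like the API's, so parsing can run offline.
SAMPLE_REPLY = {
    "reply": {
        "total_count": 1,
        "result_count": 1,
        "alerts": [{
            "alert_id": "12345",
            "severity": "high",
            "source": "XDR Agent",
            "category": "Exploit",
            "host_name": "WS-EXAMPLE-01",
            "name": "Suspicious process execution",
        }],
    }
}

if __name__ == "__main__":
    print(json.dumps(summarize_alerts(SAMPLE_REPLY), indent=2))
```

Keep the API key out of source control and inject it from a secrets store; with the advanced-key scheme the server also rejects stale timestamps, so a host with a skewed clock will fail authentication rather than leak anything.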
