Manage Incident Starring

Create an incident starring configuration that categorizes and stars incidents when alerts contain attributes that you decide are important.
To help you focus on the incidents that matter most, you can star an incident. Cortex XDR identifies starred incidents with a purple star. You can star incidents in two ways: You can manually star an incident after reviewing it, or you can create an incident starring configuration that automatically categorizes and stars incidents when a related alert contains the specific attributes that you decide are important.
After you define an incident starring configuration, Cortex XDR adds a star indicator to any incidents that contain alerts that match the configuration.
You can then sort or filter the Incidents table for incidents containing starred alerts and similarly filter the Alerts table for starred alerts. You can also choose whether to display all incidents or only starred incidents on the Incidents Dashboard.

Star a Specific Incident

To manually star an incident during or after investigation:
  1. Select Investigation > Incidents.
  2. From the Incident List, locate the incident you want to star.
  3. Select the star icon.

Create a Starring Configuration

To proactively star alerts and incidents containing alerts, create a starring configuration.
  1. Select Investigation > Incident Management > Starred Alerts.
  2. Select + Add Starring Configuration.
  3. Enter a Configuration Name to identify your starring configuration.
  4. Enter a descriptive Comment that identifies the reason or purpose of the starring configuration.
  5. Use the alert filters to build the match criteria for the policy.
    You can also right-click a specific value in the alert to add it as match criteria. The app refreshes to show you which alerts in the incident would be included.
  6. Create the policy and confirm the action.
    If you later need to make changes, you can view, modify, or delete the exclusion policy from the Investigation > Incident Management > Starred Alerts page.
