Triage Incidents

Triage your incidents using the incident view tabs.
To help you triage and investigate your incidents, Cortex XDR displays your incidents in a split-pane view, allowing you to easily investigate the entire scope and cause of an event and view all relevant assets, suspicious artifacts, and alerts within the incident details.
Navigate to Incident Response > Incidents. The Incident split-pane view is divided into two main sections:
  • Incident List
  • Details Pane
The Details Pane supports Advanced View for incidents created after Cortex XDR 3.0. Incidents created before Cortex XDR 3.0 are displayed in a Legacy view. For flexibility, you can choose to display incidents created after Cortex XDR 3.0 using either the Legacy view or the Advanced view.
The Incident List enables you to filter and sort according to the incident fields, such as status, score, severity, and timestamp. Each incident displays a summary of the incident severity, assignee, status, creation time, description, and assets. From the Incident List you can also review additional information.
The Details Pane displays the information of the incident selected in the Incident List. The pane is made up of the following tabs, which allow you to further investigate and manage each incident.
  • Overview—Made up of an Incident Header listing the incident details, the MITRE tactics and techniques, summarized timeline, and widgets to visualize the number of alerts, type of sources, hosts, and users associated with the incident. Select the pin icon next to the tab name to always display a specific tab first when you investigate incidents.
  • Key Assets & Artifacts—Displays the incident asset and artifact information of hosts, users, and key artifacts associated with the incident.
  • Alerts & Insights—Displays a table of the alerts and insights associated with the incident.
  • Timeline—A chronological representation of alerts and actions relating to the incident.
