With Cortex XDR you can choose to receive notifications to keep up with
the alerts that matter to your teams. To forward notifications, you create a forwarding configuration
that specifies the log type you want to forward. You can also add
filters to your configuration to send notifications that match specific
Cortex XDR applies the filter only to future
for specific alert types (for example, XDR Agent).
type of information you want included in a notification.
For example, set a filter
Severity = Medium, Alert Source = XDR Agent
Cortex XDR sends the alerts or events matching this filter as a
) Define your
add the email addresses to which you want to send email notifications.
Email Grouping Time Frame
in minutes, to specify how often Cortex XDR sends notifications.
Every 30 alerts aggregated
within this time frame are sent together in one notification, sorted
according to the severity. To send a notification when one alert is generated, set the
time frame to
Choose whether you want Cortex XDR to provide an auto-generated
If you previously used the Log Forwarding app and
want to continue forwarding logs in the same format, you can
name and select from the list of available channels.
Slack channels are managed independently of Cortex XDR
in your Slack workspace. After integrating your Slack account with
your Cortex XDR tenant, Cortex XDR displays a list of specific Slack
channels associated with the integrated Slack workspace.
Cortex XDR displays the list of receivers integrated with
your Cortex XDR tenant.
to create the forwarding
) To later modify a saved forwarding
configuration, right-click the configuration, and