help you focus on the incidents that matter most, you can create
an incident starring configuration that categorizes and stars incidents
when alerts contain attributes that you decide are important. After
you define an incident starring configuration, Cortex XDR adds a
star indicator to any incidents that contain alerts that match the
can then sort or filter the Incidents table for incidents containing starred
alerts. In addition, you can also choose whether to display all
incidents or only starred incidents on the Incidents Dashboard.
In Cortex XDR, select
+ Add Starring Configuration
identify your starring configuration.
Enter a descriptive
the reason or purpose of the starring configuration.
Use the alert filters to build the match criteria for
You can also right-click a specific value in the alert
to add it as match criteria. The app refreshes to show you which
alerts in the incident would be included.
the policy and confirm
If you later need to make changes, you can view, modify,
or delete the exclusion policy from the