From the Cortex® XDR™ management console, you can manage
the user scores.
provides a central location from which you can view and investigate
information relating to the user scores in your network.
Identity Analytics, Cortex XDR is able to aggregate from Workday
and Active Directory a list of all the user assets located within
your network according to their associated incidents. To help investigate
user activities and detect compromised accounts and malicious activities,
Cortex XDR calculates a User Score that allows you to easily identify
the highest-risk users in your organization.
The User Score is the higher score of the following two components:

Incident Scoring Rules—Alerts within an incident matching your
scoring rules criteria are each given a score. The alert with the
highest score from the incident is assigned as the User Score.

System Rules—Alerts within an incident matching Cortex XDR
generated scoring rules are each given a score. Cortex XDR sums
the scores of all the alerts for each incident, up to a total of 100.
The highest score is assigned as the User Score.

alerts are associated with incidents, the User Score assigned is
recalculated. Navigate to the User Scores table to view the latest
score, and the User View to
track the User Score trend.
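
The scoring logic described above, sketched in Python as an added example (it is not Cortex XDR code and does not come from the product documentation). The data model, the sample incidents, the score of 0 for a user with no matching alerts, and taking the highest value across all of a user's incidents are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

SYSTEM_RULE_CAP = 100  # the page: system-rule scores are summed "up to a total of 100"

@dataclass
class Alert:
    incident_rule_score: Optional[int] = None  # None = no incident scoring rule matched
    system_rule_score: Optional[int] = None    # None = no system rule matched

Incidents = Dict[str, List[Alert]]  # incident id -> alerts in that incident

def incident_rule_component(incidents: Incidents) -> int:
    """Highest single alert score assigned by the incident scoring rules."""
    scores = [a.incident_rule_score for alerts in incidents.values()
              for a in alerts if a.incident_rule_score is not None]
    return max(scores, default=0)  # assumption: 0 when nothing matched

def system_rule_component(incidents: Incidents) -> int:
    """Sum system-rule scores per incident, cap each sum at 100, keep the highest."""
    totals = [min(SYSTEM_RULE_CAP,
                  sum(a.system_rule_score for a in alerts if a.system_rule_score is not None))
              for alerts in incidents.values()]
    return max(totals, default=0)

def user_score(incidents: Incidents) -> int:
    """The User Score is the higher of the two components."""
    return max(incident_rule_component(incidents), system_rule_component(incidents))

def rank_users(users: Dict[str, Incidents]) -> List[tuple]:
    """Order users from highest to lowest score, as a triage list."""
    return sorted(((u, user_score(i)) for u, i in users.items()),
                  key=lambda pair: pair[1], reverse=True)

# Constructed sample data (hypothetical users and incident ids).
SAMPLE_USERS: Dict[str, Incidents] = {
    "user-a": {"INC-1": [Alert(40, 30), Alert(None, 45), Alert(None, 50)],  # sum 125 -> 100
               "INC-2": [Alert(70, 10)]},
    "user-b": {"INC-3": [Alert(60, 20), Alert(None, 15)]},                  # 60 vs 35
    "user-c": {},                                                            # no incidents
}

if __name__ == "__main__":
    for name, score in rank_users(SAMPLE_USERS):
        print(f"{name}: {score}")
```

In the sample, user-a reaches the cap through many low-scoring system-rule alerts in one incident even though no single incident-rule alert scores above 70, which is why the two components are worth reading separately during triage.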
To investigate your users,
Cortex displays the following information:
Filter and review your assets.
The following table describes the fields
in the table:
Represents the Cortex XDR high-risk user score.
The score is updated continuously as new alerts are associated with
Name of the user as provided by Cortex XDR.
Name of user as provided by Workday or Active Directory.
Department of user as provided by Workday or Active
Phone number of user as provided by Workday or
Email of user as provided by Workday or Active Directory.
Location of user as provided by Workday or Active
Last date and time the user accessed Cortex XDR.
To investigate further, locate the user you want to
investigate, right-click, and choose Open User View.