Create an Incident Starring Configuration

To help you focus on the incidents that matter most, you can create an incident starring configuration that categorizes and stars incidents when alerts contain attributes that you decide are important. After you define an incident starring configuration, Cortex XDR adds a star indicator to any incidents that contain alerts that match the configuration.
You can then sort or filter the Incidents table for incidents containing starred alerts. You can also choose whether to display all incidents or only starred incidents on the Incidents Dashboard.
  1. In Cortex XDR, select Incidents > Starred Alerts.
  2. + Add Starring Configuration
  3. Enter a Configuration Name to identify your starring configuration.
  4. Enter a descriptive Comment that identifies the reason or purpose of the starring configuration.
  5. Use the alert filters to build the match criteria for the policy.
    You can also right-click a specific value in the alert to add it as match criteria. The app refreshes to show you which alerts in the incident would be included.
  6. Create the policy and confirm the action.
    If you later need to make changes, you can view, modify, or delete the policy from the Incidents > Starred Incidents page.
