Triage Incidents

Triage your incidents using the incident view tabs.
To help you triage and investigate your incidents, Cortex XDR displays them in a split-pane view. This view lets you investigate the entire scope and cause of an event and see all relevant assets, suspicious artifacts, and alerts within the incident details.
Navigate to Investigation → Incidents. The Incident split-pane view is divided into two main sections:
  • Incident List
  • Details Pane
The Details Pane supports Advanced View for incidents created after Cortex XDR 3.0. Incidents created before Cortex XDR 3.0 are displayed in a Legacy view. For flexibility, you can choose to display incidents created after Cortex XDR 3.0 using either the Legacy view or the Advanced view.
The Incident List enables you to filter and sort according to the incident fields, such as status, score, severity, and timestamp. Each incident displays a summary of the incident severity, assignee, status, creation time, description, and assets. From the Incident List you can also review additional information.
The Details pane displays the information of the selected incident in the Incident List. The pane is made up of the following tabs that allow you to further investigate and manage each incident:
  • Overview
    Made up of an Incident Header listing the incident details, the MITRE tactics and techniques, summarized timeline, and widgets to visualize the number of alerts, type of sources, hosts, and users associated with the incident.
  • Timeline
    A chronological representation of alerts and actions relating to the incident.
  • Alerts & Insights
    Displays a table of the alerts and insights associated with the incident.
  • Key Assets & Artifacts
    Displays the incident asset and artifact information of hosts, users, and key artifacts associated with the incident.
  • Executions
    Presents the causality chains associated with the incident.
