Triage your incidents using the incident view tabs.
To help you triage and investigate your incidents,
Cortex XDR displays your incidents in a split-pane view allowing
you to easily investigate the entire scope and cause of an event,
view all relevant assets, suspicious artifacts, and alerts within
the incident details.
. The Incident split-pane
view is divided into two main sections:
The Details Pane supports
Advanced View for incidents created after Cortex XDR 3.0. Incidents
created before Cortex XDR 3.0, are displayed in a Legacy view. To
enable flexibility, you can select to display incidents created
after Cortex XDR 3.0 Cortex using either the
Incident List enables you to filter and sort according to the incident
fields, such as status, score, severity, and timestamp. Each incident
displays a summary of the incident severity, assignee, status, creation
time, description, and assets. From the Incident List you can also review additional
The Details pane displays the information
of the selected incident in the Incident List. The pane is made
up of the following tabs that allow you to further investigate and manage each
Made up of an Incident Header
listing the incident details, the MITRE tactics and techniques,
summarized timeline, and widgets to visualize the number of alerts,
type of sources, hosts, and users associated with the incident.
A chronological representation of alerts and
actions relating to the incident.
Alerts & Insights
Displays a table of the alerts
and insights associated with the incident.
Key Assets & Artifacts
Displays the incident asset
and artifact information of hosts, users, and key artifacts associated
with the incident.
Present the causality
chains associated with the incident.