Investigate alerts by building queries that identify
connections between them.
The Query Builder is a powerful search tool at the heart of Cortex XDR that you can use
to investigate any lead quickly, expose the root cause of an alert,
perform damage assessment, and hunt for threats across your data sources.
With the Query Builder, you can build complex
queries for entities and entity attributes so that you can surface
and identify connections between them. The Query Builder searches
the raw data and logs stored in Cortex Data Lake and Cortex XDR
for the entities and attributes you specify and returns up to 100,000
results. The Query Builder
provides queries for
the following types of entities:
Process—Search on process execution
and injection by process name, hash, path, command-line arguments,
and more. See Create a Process Query.
File—Search on file creation and modification
activity by file name and path. See Create a File Query.
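The following is an added example, not code from the Cortex XDR documentation or product. It models in plain Python the two query types described above (a process query filtered by name, hash, path and command-line arguments, and a file query) and the pivot between them that surfaces connections: which files a matched process created or modified, and what spawned that process. The event records are constructed sample data and the field names (host, pid, ppid, name, sha256, path, cmdline, action) are illustrative, not the Cortex XDR schema.

```python
"""In-memory model of process and file entity queries with a pivot between them.
The events below are constructed sample data; field names are illustrative and
are not the Cortex XDR schema."""

# Constructed sample process-execution events (not real telemetry).
PROCESS_EVENTS = [
    {"host": "ws01", "pid": 4102, "ppid": 880, "name": "outlook.exe",
     "sha256": "a" * 64,
     "path": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"host": "ws01", "pid": 5210, "ppid": 4102, "name": "powershell.exe",
     "sha256": "b" * 64,
     "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws02", "pid": 777, "ppid": 600, "name": "powershell.exe",
     "sha256": "b" * 64,
     "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

# Constructed sample file-activity events (not real telemetry).
FILE_EVENTS = [
    {"host": "ws01", "pid": 5210, "action": "create",
     "path": r"C:\Users\alice\AppData\Local\Temp\upd.exe"},
    {"host": "ws01", "pid": 5210, "action": "modify",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"host": "ws02", "pid": 777, "action": "create",
     "path": r"D:\backups\2024-01-01.zip"},
]


def query_processes(events, *, name=None, sha256=None, path_prefix=None,
                    cmdline_contains=None):
    """Process query: return events matching every supplied attribute (AND).
    Name and path comparisons are case-insensitive, as Windows paths are."""
    out = []
    for e in events:
        if name and e["name"].lower() != name.lower():
            continue
        if sha256 and e["sha256"].lower() != sha256.lower():
            continue
        if path_prefix and not e["path"].lower().startswith(path_prefix.lower()):
            continue
        if cmdline_contains and cmdline_contains.lower() not in e["cmdline"].lower():
            continue
        out.append(e)
    return out


def query_files(events, *, name=None, path_prefix=None, action=None):
    """File query: filter file creation/modification events by name, path and action."""
    out = []
    for e in events:
        fname = e["path"].rsplit("\\", 1)[-1]
        if name and fname.lower() != name.lower():
            continue
        if path_prefix and not e["path"].lower().startswith(path_prefix.lower()):
            continue
        if action and e["action"] != action:
            continue
        out.append(e)
    return out


def connected_files(process_matches, file_events):
    """Pivot from processes to files: file activity performed by the matched
    processes, joined on the (host, pid) entity key."""
    keys = {(p["host"], p["pid"]) for p in process_matches}
    return [f for f in file_events if (f["host"], f["pid"]) in keys]


def parent_chain(proc, process_events):
    """Walk ppid links on the same host to reconstruct ancestry, root first.
    A seen-set guards against cyclic or reused pids in the sample data."""
    by_key = {(p["host"], p["pid"]): p for p in process_events}
    chain = [proc["name"]]
    seen = {(proc["host"], proc["pid"])}
    cur = proc
    while True:
        parent = by_key.get((cur["host"], cur["ppid"]))
        if parent is None or (parent["host"], parent["pid"]) in seen:
            break
        chain.append(parent["name"])
        seen.add((parent["host"], parent["pid"]))
        cur = parent
    return list(reversed(chain))


if __name__ == "__main__":
    # Lead: encoded PowerShell. Surface the files it touched and what launched it.
    hits = query_processes(PROCESS_EVENTS, name="powershell.exe", cmdline_contains="-enc")
    for p in hits:
        print(p["host"], " -> ".join(parent_chain(p, PROCESS_EVENTS)))
        for f in connected_files([p], FILE_EVENTS):
            print("   ", f["action"], f["path"])
```

The query for powershell.exe alone matches both hosts; adding the command-line attribute narrows it to the encoded invocation on ws01, and the pivot then shows the dropped executable, the Startup-folder persistence, and that Outlook was the parent, which is the kind of connection the Query Builder is meant to surface from raw process and file data.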