From the Cortex® XDR™ management console you can investigate
alerts by building queries that identify connections between alerts.
At the heart of Cortex XDR is a powerful search tool that you can use
to investigate any lead quickly, expose the root cause of an alert,
perform damage assessment, and hunt for threats across your data sources.
With it, you can build complex
queries for entities and entity attributes so that you can surface
and identify connections between them. The search runs over
the raw data and logs stored in Cortex Data Lake and Cortex XDR
for the entities and attributes you specify and returns up to 100,000
results. In addition, you can also use
XQL Search to create XQL queries to
search for and view raw data that is stored in Cortex XDR or imported
from custom and third-party datasets.
Queries are provided for
the following types of entities:
Process—Search on process execution
and injection by process name, hash, path, command-line arguments, and
more. See Create a Process Query.
File—Search on file creation and modification
activity by file name and path. See Create a File Query.
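As an added example of the kind of process search described above (this query is not from the Cortex XDR documentation), the following XQL query against the xdr_data dataset returns process-start events in which powershell.exe was launched with an encoded command, together with the parent process that launched it, so the launch chain is visible. The field names are the standard xdr_data process fields (action_process_* for the started process, actor_process_* for its parent); the filter values, sort order and limit are illustrative choices and should be adapted to the lead being investigated.

```xql
// Added example query, not part of the Cortex XDR docs.
// Process-start events for powershell.exe with an encoded command line,
// with the parent (actor) process so the launch chain can be pivoted on.
dataset = xdr_data
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
| filter lowercase(action_process_image_name) = "powershell.exe"
// "-enc" is a constructed indicator for this example; tune to the case at hand.
| filter action_process_image_command_line contains "-enc"
| fields _time, agent_hostname,
         actor_process_image_name, actor_process_command_line,
         action_process_image_name, action_process_image_path,
         action_process_image_command_line, action_process_image_sha256
| sort desc _time
| limit 100
```

The same shape works for a file query by swapping the event type and fields (for example event_type = ENUM.FILE with action_file_name and action_file_path); the point of the example is the filter-then-fields-then-sort pipeline that surfaces the parent/child relationship rather than the specific indicator used.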