Cortex XDR
Cortex XDR is a security platform that helps organizations stop sophisticated attacks by analyzing data from network, endpoint, and cloud sources. It uses machine learning to detect threats and automatically reveal the root cause of alerts, which speeds up investigations.
Products
Integrations
Cortex XDR with Polarity
The Polarity - Cortex XDR Integration allows you to search for incidents and run XQL Queries. Due to limits on the number of XQL queries that can be running at any given time, the integration only runs the provided XQL query when a user opens the details block for the entity in question. Once the XQL query has started, the user can check the status of the query. Once the query is complete, results will be displayed in the Overlay Window.
Examples
Cortex XDR Data Overview - Incidents
- Summary Tags: When an analyst looks up information in Cortex XDR they will look up related incidents and execute the XQL query that is set up in the integration. When data returns in either of those the analyst can quickly see the number of related incidents and related hits for the XQL query.
- Incident Information: Looking at the details of the Cortex XDR integration will enable analysts to quickly see information about related incidents the indicator is apart. Quickly gaining context around what the incident is, any alerts associated with the incident the severity and more!
Cortex XDR Data Overview - XQL Queries
- XQL Context: When looking at the XQL Query tab in the details of the integration, analysts will be able to see any additional context related to the indicator. Ranging from SSO to firewall context. Allowing analysts to quickly have more context on the indicators from XDR that is outside of the incidents.
Related Resources
Built By Polarity