| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| AlertCategories | dynamic | The categories of the alerts grouped into the incident. |
| AlertCount | int | The number of alerts grouped into the incident. |
| AlertsGroupingStatus | string | The alert grouping status of the incident. |
| AssignedUserMail | string | The email address of the assigned user. |
| assignedUserPrettyName | string | The display name of the assigned user. |
| CreationTime | datetime | The time at which the incident was created. |
| CriticalSeverityAlertCount | int | The number of critical-severity alerts in the incident. |
| Description | string | The description of the incident. |
| DetectionTime | datetime | The time at which the incident was detected. |
| HighSeverityAlertCount | int | The number of high-severity alerts in the incident. |
| HostCount | int | The number of hosts involved in the incident. |
| Hosts | dynamic | The hosts involved in the incident. |
| IncidentId | string | The unique identifier of the incident. |
| IncidentName | string | The name of the incident. |
| IncidentSources | dynamic | The sources of the alerts in the incident. |
| LowSeverityAlertCount | int | The number of low-severity alerts in the incident. |
| ManualDescription | string | The description entered manually by an analyst. |
| ManualScore | int | The score assigned manually to the incident. |
| ManualSeverity | string | The severity assigned manually to the incident. |
| MedSeverityAlertCount | int | The number of medium-severity alerts in the incident. |
| MitreTacticsIdsAndNames | dynamic | The MITRE ATT&CK tactic IDs and names associated with the incident. |
| MitreTechniquesIdsAndNames | dynamic | The MITRE ATT&CK technique IDs and names associated with the incident. |
| ModificationTime | datetime | The time at which the incident was last updated. |
| Notes | string | The notes attached to the incident. |
| OriginalTags | dynamic | The original tags of the incident. |
| ResolveComment | string | The comment written when the incident was resolved. |
| ResolvedTimestamp | datetime | The time at which the incident was resolved. |
| RuleBasedScore | int | The rule-based score of the incident. |
| Severity | string | The severity of the incident. |
| Starred | bool | Whether the incident is starred. |
| Status | string | The status of the incident. |
| Tags | dynamic | The tags of the incident. |
| TimeGenerated | datetime | The timestamp (UTC) at which the event was generated. |
| UserCount | int | The number of users involved in the incident. |
| Users | dynamic | The users involved in the incident. |
| WildfireHits | int | The number of WildFire hits associated with the incident. |
| XdrUrl | string | The link to the incident in the Cortex XDR console. |
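The query below is an added example, not part of this page or of the Cortex XDR solution's own content, showing how the columns above are typically used together: filtering on `Severity` and `Status`, collapsing repeated copies of the same incident, and flattening the dynamic `MitreTacticsIdsAndNames` column. It assumes the table name `CortexXDR_Incidents_CL` (the parser entry on this page), that `Severity` holds lowercase strings such as `high` and `critical`, that resolved incidents carry a `Status` starting with `resolved`, and that the connector re-ingests an incident each time it is modified; all of these are assumptions to verify against your own data.

```kql
// Added example (not the solution's own query). Assumptions: table name CortexXDR_Incidents_CL,
// Severity values like "high"/"critical", Status values starting with "resolved" for closed incidents,
// and one row per modification of an incident (hence the arg_max de-duplication).
CortexXDR_Incidents_CL
| where TimeGenerated > ago(1d)
| where Severity in~ ("high", "critical")
| where Status !startswith "resolved"
// Keep only the most recent version of each incident.
| summarize arg_max(ModificationTime, *) by IncidentId
// Flatten the dynamic tactics array so each tactic can be counted or joined on.
| mv-expand Tactic = MitreTacticsIdsAndNames to typeof(string)
| summarize Tactics = make_set(Tactic),
            take_any(IncidentName, Severity, Status, AlertCount, HostCount, UserCount,
                     Hosts, Users, XdrUrl, ModificationTime)
  by IncidentId
| order by ModificationTime desc
```

The `arg_max` step matters for alerting: without it, an incident whose `Status` or `Severity` changed several times would match once per ingested version and trigger duplicate Sentinel incidents. Adjust the `Severity` filter to `medium` or `low` to mirror the per-severity analytic rules listed below.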
This table is used by the following solutions: Cortex XDR
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Palo Alto Cortex XDR | |
| Cortex XDR - Incidents | |
In solution Cortex XDR:
| Analytic Rule | Selection Criteria |
|---|---|
| Cortex XDR Incident - High | |
| Cortex XDR Incident - Low | |
| Cortex XDR Incident - Medium | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| CortexXDR_Incidents_CL | Cortex XDR | |