Select Alert Sources to map corresponding incidents to a security incident. Alert Sources are refreshed every time a profile is opened and new rules are available for selection. The Cortex XSIAM integration supports multiple profiles.
Before you begin
Role required: sn_si.admin, sn_si.ingestion_profile_admin
Procedure
- If you are not continuing from the previous section of the incident profile definition process, access the profile you are defining.
  - Navigate to .
  - Select the profile you are continuing to define.
  - Select Alert Sources in the progress bar.
- Clear the All Alert Sources check box to select specific Alert Sources.
  Selecting this check box will retrieve all active Alert Sources from XSIAM.
- In the Alert Sources List search field, enter the Alert Source name created in the XSIAM portal.
- Select the Alert Source.
- Use the right arrow (>) to move the rule from the Available column to the Selected column.
- Select Continue.