Document toolboxDocument toolbox

edr.cortex_xdr

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Sept 16, 2024
6 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags begin with edr.cortex_xdr identify the events generated by Cortex XDR.

Tag structure

The full tag must have 3 levels. The first two are fixed as edr.cortex_xdr. The third level identifies the type of events sent.

Product / Services

Tags

Data tables

Product / Services

Tags

Data tables

Cortex XDR

edr.cortex_xdr.alerts

edr.cortex_xdr.alerts

Deprecated parser

This table is deprecated. Please use edr.cortex_xdr.incident_alert instead.

edr.cortex_xdr.alerts_multi

edr.cortex_xdr.alerts_multi

edr.cortex_xdr.alerts_multi_event

edr.cortex_xdr.alerts_multi_event

Deprecated parser

This table is deprecated. Please use edr.cortex_xdr.alerts_multi instead.

edr.cortex_xdr.all_alert

edr.cortex_xdr.all_alert

edr.cortex_xdr.audit_management

edr.cortex_xdr.audit_management

edr.cortex_xdr.incident_alert

edr.cortex_xdr.incident_alert

edr.cortex_xdr.incidents

edr.cortex_xdr.incidents

edr.cortex_xdr.violation

edr.cortex_xdr.violation

For more information, read more about Devo tags.

How is the data sent to Devo?

You can use the Cortex XDR collector to send events to your Devo domain. Learn more about this in this article

Table structure

These are the fields displayed in these tables: