84.3k views
5 votes
A new low-level severity alert is externally created and sent to Cortex XDR. Cortex XDR finds a matching incident with a severity level Medium for this alert. What happens to this incident?

a) Severity level gets lowered
b) Incident remains unchanged
c) Severity level gets heightened
d) Incident gets deleted

1 Answer

2 votes

Final answer:

If Cortex XDR receives a new alert with a low severity level that matches an existing incident with a medium severity level, the severity level of the incident remains unchanged.

Step-by-step explanation:

When a new low-level severity alert is externally created and sent to Cortex XDR, and Cortex XDR finds an existing incident with a severity level of Medium for this alert, the incident remains unchanged. This is because the existing incident already has a medium severity level, and the new alert with a lower severity does not affect the current status of the incident. In Cortex XDR, incidents do not downgrade in severity based on the receipt of lower severity alerts; the intent is to ensure that response efforts are commensurate with the highest level of risk detected.

by User Osayilgan (8.1k points)
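As an added illustration of the rule the answer describes (not code from Cortex XDR or from the answerer), the following Python model routes alerts into incidents and recomputes incident severity so that a lower-severity alert never downgrades it. It generalizes slightly: a higher-severity alert is assumed to raise the incident's severity, following the answer's "highest level of risk detected" wording. The severity ranking, the host-based grouping key, and all alert and incident identifiers are constructed for the example.

```python
"""Toy model of incident-severity handling on alert ingestion.

Added illustration, not Cortex XDR code. Single rule assumed: an incident's
severity is the highest severity of any alert grouped into it, so a lower
severity alert leaves it unchanged (the case in the question above) and a
higher-severity alert raises it (assumption generalized from the answer).
"""
from dataclasses import dataclass, field

# Ordinal ranking of severity labels used by the toy model (assumption).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    alert_id: str
    severity: str
    host: str  # grouping key used by the toy matcher (assumption)


@dataclass
class Incident:
    incident_id: str
    severity: str
    alert_ids: list = field(default_factory=list)


def merge_alert(incident: Incident, alert: Alert) -> Incident:
    """Attach an alert to an existing incident and recompute its severity.

    Severity only ever moves up: max(existing, new alert). A lower-severity
    alert is recorded on the incident but does not change its severity.
    """
    if alert.severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity label: {alert.severity!r}")
    incident.alert_ids.append(alert.alert_id)
    if SEVERITY_RANK[alert.severity] > SEVERITY_RANK[incident.severity]:
        incident.severity = alert.severity
    return incident


def ingest(incidents: dict, alert: Alert) -> Incident:
    """Route an alert to the matching open incident (by host) or open a new one."""
    incident = incidents.get(alert.host)
    if incident is None:
        incident = Incident(incident_id=f"INC-{len(incidents) + 1}", severity=alert.severity)
        incidents[alert.host] = incident
    return merge_alert(incident, alert)


def scenario_from_question() -> str:
    """Replay the question: a Medium incident receives a new Low external alert."""
    incidents = {"host-a": Incident("INC-1", "medium", ["ALRT-1"])}  # constructed
    ingest(incidents, Alert("ALRT-2", "low", "host-a"))  # constructed external alert
    return incidents["host-a"].severity  # "medium": the incident is unchanged


if __name__ == "__main__":
    print(scenario_from_question())
```

The point to notice for triage is that the Low alert is still attached to the incident (its id appears in `alert_ids`), so nothing is lost; only the severity used to prioritize response stays at the highest level seen.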