The correct answer is A – The rule is configured with alert severity below Medium.
By default, in Cortex XSIAM, only alerts with a severity of Medium or higher will automatically generate incidents. If a correlation rule creates alerts with severity set below Medium (such as Low or Informational), these alerts will not result in the automatic creation of an incident. This ensures that incident queues are not filled with low-priority events.
"Incidents are generated only for alerts with severity of Medium or higher. Alerts below this threshold will not automatically create incidents."