Which Cortex XSOAR feature is used to ensure that specific data points from an incoming alert (such as a "Source_Address" from a firewall log) are correctly assigned to the standardized "Source IP" field within the XSOAR incident?
In Cortex XSOAR, the process of handling incoming data involves two distinct steps: Classification and Mapping.
Classification: Determines what the incident is (e.g., 'This is a Phishing incident').
Mapping (answer B): Once the incident type is known, Mapping links the raw data from the source integration to the fields of the XSOAR incident. For example, if a third-party tool sends an IP address in a field called src, the Mapper ensures that value is placed into the XSOAR incident field sourceip.
Consistency: This ensures that regardless of which tool detected the threat, the analyst and the playbooks always see the data in the same standardized fields, which is essential for automation to work correctly.
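The following is an added illustration of the two steps described above, not Cortex XSOAR's own classifier or mapper code: a raw alert is first classified into an incident type, then its vendor-specific fields (such as src) are copied into standardized incident fields (such as sourceip). The classification predicates, the per-type mapping tables, the validators and the sample alerts are all constructed assumptions; the field names sourceip, destinationip, destinationport, name, emailfrom and emailsubject are used as plausible standardized fields for the sake of the example.

```python
"""Constructed illustration of classification followed by mapping.
This is an added example; the rules and sample data are assumptions,
not XSOAR's own configuration."""
import ipaddress
import json
from typing import Any, Callable

# --- Classification rules (assumed): first matching predicate wins ---
CLASSIFIERS = [
    ("Phishing", lambda ev: ev.get("event_type") == "email" and "url" in ev),
    ("Firewall Alert", lambda ev: ev.get("event_type") == "firewall"),
]
DEFAULT_TYPE = "Unclassified"

# --- Mapping rules (assumed): standardized field <- vendor-specific field ---
MAPPERS = {
    "Firewall Alert": {
        "sourceip": "src",
        "destinationip": "dst",
        "destinationport": "dport",
        "name": "rule_name",
    },
    "Phishing": {
        "sourceip": "sender_ip",
        "emailfrom": "sender",
        "emailsubject": "subject",
    },
}


def _port(value: Any) -> int:
    port = int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port


# Validators (assumed) for fields that playbooks depend on: a bad value is
# reported and dropped rather than stored in a standardized field.
VALIDATORS: dict = {
    "sourceip": lambda v: str(ipaddress.ip_address(v)),
    "destinationip": lambda v: str(ipaddress.ip_address(v)),
    "destinationport": _port,
}


def classify(event: dict) -> str:
    """Classification step: decide what the incident is from the raw event."""
    for incident_type, predicate in CLASSIFIERS:
        if predicate(event):
            return incident_type
    return DEFAULT_TYPE


def map_fields(event: dict, incident_type: str) -> tuple:
    """Mapping step: copy vendor fields into standardized fields.
    Returns (mapped fields, list of problems) so gaps stay visible to the analyst."""
    mapped, problems = {}, []
    for xsoar_field, source_field in MAPPERS.get(incident_type, {}).items():
        if source_field not in event:
            problems.append(f"missing source field {source_field!r} for {xsoar_field!r}")
            continue
        value = event[source_field]
        validator = VALIDATORS.get(xsoar_field)
        try:
            mapped[xsoar_field] = validator(value) if validator else value
        except (ValueError, TypeError) as exc:
            problems.append(f"invalid value {value!r} for {xsoar_field!r}: {exc}")
    return mapped, problems


def ingest(raw_json: str) -> dict:
    """Full pipeline: classify, then map; keep the raw alert for later investigation."""
    event = json.loads(raw_json)
    incident_type = classify(event)
    fields, problems = map_fields(event, incident_type)
    incident = {"type": incident_type, "rawJSON": raw_json, "mappingproblems": problems}
    incident.update(fields)
    return incident


# Constructed sample alerts (not real data)
FIREWALL_ALERT = json.dumps({
    "event_type": "firewall", "src": "10.1.2.3", "dst": "203.0.113.10",
    "dport": "443", "rule_name": "block-outbound-c2",
})
BAD_FIREWALL_ALERT = json.dumps({
    "event_type": "firewall", "src": "not-an-ip", "dst": "203.0.113.10",
})

if __name__ == "__main__":
    print(json.dumps(ingest(FIREWALL_ALERT), indent=2))
    print(json.dumps(ingest(BAD_FIREWALL_ALERT), indent=2))
```

Whatever the source tool calls the field, a playbook written against sourceip sees the same key; the mappingproblems list makes missing or malformed source fields visible instead of letting automation run on an incident that silently lacks the field.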