search cancel

SIEM Agent export log does not have the same severity as Detect Incident

book

Article ID: 215972

calendar_today

Updated On:

Products

CASB Security Advanced CASB Security Premium CASB Security Standard

Issue/Introduction

SIEM exported logs do not have the medium or high incidents shown in the Detect incident section under event logs.

Environment

Component: Investigate

Cause

Detect Incidents currently can only be exported from the Detect module. 

Resolution

To export these incidents, go to Detect, then Incidents, and then click the Export Incidents option.

Additional Information

Because the Detect admin can adjust the Severity Thresholds, the resulting severity level might change. The admin can also use ThreatScore as a reference.