Indicators

The Indicators panel displays the total number and list of indicators that were observed in the investigation, sorted by most frequently to least frequently seen. The producer, tags, and number of events associated with each indicator is also displayed.

An indicator describes a pattern of behavior or a set of conditions which indicate malicious behavior. Some indicators are more indicative than others of malicious behavior, so knowing exactly which bad behaviors an observable (such as a domain or an IP address) are exhibiting can help an incident responder decide what to do next.

To view indicators in Cisco XDR, expand Intelligence in the navigation menu and choose Indicators. For more information, see the Intelligence help topic.