Question 40 - PCDRA discussion

The ''assigned to'' field value of a new incident that was just reported to Cortex is ''Unassigned''. This means that the incident has not been assigned to any analyst or group yet, and it is waiting for someone to take ownership of it. The ''assigned to'' field is one of the default fields that are displayed in the incident layout, and it can be used to filter and sort incidents in the incident list.The ''assigned to'' field can be changed manually by an analyst, or automatically by a playbook or a rule12.

Let's briefly discuss the other options to provide a comprehensive explanation:

A) Pending: This is not the correct answer. Pending is not a valid value for the ''assigned to'' field. Pending is a possible value for the ''status'' field, which indicates the current state of the incident.The status field can have values such as ''New'', ''Active'', ''Done'', ''Closed'', or 'Pending'3.

B) It is blank: This is not the correct answer. The ''assigned to'' field is never blank for any incident.It always has a default value of ''Unassigned'' for new incidents, unless a playbook or a rule assigns it to a specific analyst or group12.

D) New: This is not the correct answer. New is not a valid value for the ''assigned to'' field. New is a possible value for the ''status'' field, which indicates the current state of the incident.The status field can have values such as ''New'', ''Active'', ''Done'', ''Closed'', or 'Pending'3.

In conclusion, the ''assigned to'' field value of a new incident that was just reported to Cortex is ''Unassigned''. This field can be used to manage the ownership and responsibility of incidents, and it can be changed manually or automatically.

Cortex XDR Pro Admin Guide: Manage Incidents

Cortex XDR Pro Admin Guide: Assign Incidents

Cortex XDR Pro Admin Guide: Update Incident Status