You can star security events in Cortex XDR in two ways: manually star an alert or an incident, or
create an alert-starring or incident-starring configuration. Starring security events helps you prioritize
and track the events that are most important to you. You can also filter and sort events by their
star status in the Cortex XDR console.

To manually star an alert or an incident, click the star icon in the Alerts table or the Incidents
table. You can also star an alert from the Causality View or the Query Center Results table, and
an incident from the Incident View or the Query Center Results table. To unstar an event, click
the star icon again.

To create an alert-starring or incident-starring configuration, use the Alert Starring
Configuration or the Incident Starring Configuration page in the Cortex XDR console. There you define
the criteria for starring alerts or incidents based on their severity, category, source, or other
attributes, and you can enable or disable the configurations as needed.