Learn more about how to use the Cortex XDR interface.
Cortex XDR provides an easy-to-use interface. Here you can learn more about the user interface, shortcuts and useful tips.
Note
Each SAML login session is valid for 8 hours.
Filter page results
To reduce the number of results, you can filter by any heading and value. When you apply a filter, Cortex XDR displays the filter criteria above the results table. You can also filter individual columns for specific values using the icon to the right of the column heading.
Some fields also support additional operators such as =, !=, Contains, not Contains, *, !*.
There are three ways you can filter results:
Filters are persistent. When you navigate away from the page and return, any filter you added remains active.
To build a filter using one or more fields:
From a Cortex XDR page, select the filter icon.
Cortex XDR adds the filter criteria above the top of the table.
For each field you would like to filter by:
Select or search the field.
Select the operator that matches the criteria.
Use = to include results that match the value you specify, or != to exclude results that match the value.
Enter a value to complete the filter criteria.
Note
CMD fields have a 128-character limit. Shorten longer query strings to 127 characters and add an asterisk (*).
Alternatively, you can select Include empty values to create a filter that excludes or includes results when the field has empty values.
To add more filters, click +AND within the filter brackets to display results that must match all specified criteria, or +OR to display results that match any of the criteria.
To see the results, click out of the filter area.
Export results to file
You can export the page results for most pages in Cortex XDR to a tab-separated values (TSV) file.
(Optional) Filter page results to reduce the number of results for export.
Select the export to file icon.
Cortex XDR exports any results matching your applied filters in TSV format. The TSV format requires a tab separator; automatic detection does not work for multi-event exports.
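The following is an added example, not part of the Cortex XDR documentation. It reads an exported file with an explicit tab separator instead of relying on delimiter detection, and trims a long command line to fit the 128-character CMD filter limit noted earlier. The column names, the sample rows, and the assumption that exported fields are not quote-wrapped are constructed for illustration.

```python
import csv
import io

CMD_LIMIT = 128  # CMD filter fields accept at most 128 characters

# Constructed sample export; column names and values are illustrative only.
SAMPLE_EXPORT = (
    "Timestamp\tHost\tCMD\n"
    "2024-01-01 10:00:00\thost-a\tcmd.exe /c \"dir C:\\Temp, C:\\Logs\"\n"
    "2024-01-01 10:00:05\thost-b\tpowershell.exe -File " + "A" * 150 + ".ps1\n"
)


def read_export(text):
    """Parse exported TSV text using a fixed tab separator.

    Command lines routinely contain commas, semicolons and quotes, so the
    separator is set explicitly and quote handling is disabled (assumption:
    the export does not wrap fields in quotes).
    """
    reader = csv.reader(io.StringIO(text, newline=""),
                        delimiter="\t", quoting=csv.QUOTE_NONE)
    header = next(reader)
    rows = []
    for lineno, fields in enumerate(reader, start=2):
        # A row with the wrong field count means the file was split on
        # something other than tabs or was altered after export.
        if len(fields) != len(header):
            raise ValueError(
                f"line {lineno}: expected {len(header)} fields, got {len(fields)}")
        rows.append(dict(zip(header, fields)))
    return rows


def cmd_filter_value(cmd):
    """Return a value that fits a CMD filter field.

    Strings over the limit are cut to 127 characters and end with '*'.
    """
    if len(cmd) <= CMD_LIMIT:
        return cmd
    return cmd[:CMD_LIMIT - 1] + "*"


if __name__ == "__main__":
    for row in read_export(SAMPLE_EXPORT):
        print(row["Host"], "->", cmd_filter_value(row["CMD"]))
```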
Save and share filters
You can save and share filters across your organization.
Save a filter:
Saved filters are listed on the Filters tab for the table layout and filter manager menu.
Save the active filter.
Enter a name to identify the filter.
You can create multiple filters with the same name. Saving a filter with an existing name does not override the existing filter.
Choose to Share this filter, or keep it private for your use only.
Share a filter:
You can share a filter across your organization.
Select the table layout and filter menu indicated by the three vertical dots, then select Filters.
Select the filter to share and click the share icon.
You can later unshare or delete a filter.
Unsharing a filter turns a public filter private. Deleting a shared filter removes it for all users.