Predefined Dashboards - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product
Cortex XDR
License
Prevent
Creation date
2023-10-31
Last date published
2024-02-28
Category
Administrator Guide
Abstract

Cortex XDR comes with predefined dashboards for common reports that enable you to monitor the status of your deployment.

Cortex XDR provides predefined dashboards that display widgets tailored to the dashboard type. To access your default dashboard select Dashboards & ReportsDashboard. From the dashboard header, a drop-down menu lists the available Predefined and Custom dashboards. The available dashboards depend on your license type.

You can rename and customize a predefined dashboard in the Dashboard Builder. For more information, see Build a Custom Dashboard.

The Agent Management dashboard displays at-a-glance information about the endpoints and agents in your deployment.

Note

Support for the Agent Management dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.

agent-management-dashboard.png

The dashboard includes the following Dashboard Widgets:

  • Agent Status Breakdown

  • Agent Content Version Breakdown (Top 5)

  • Agent Version Breakdown (Top 5)

  • Operating Type Distribution

  • Top Hosts (Top 10 | Last 30 days)

The Incidents Management dashboard provides a graphical summary of incidents in your environment, with incidents prioritized and listed by severity, assignee, incident age, and affected hosts.

The dashboard includes the following Dashboard Widgets:

  • Incidents by Assignee (Top 10 | Last 30 days)

  • Open Incidents

  • Open Incidents By Severity (Last 30 days)

  • Open Incidents by Assignee Over Time (Top 10)

  • Top Hosts (Top 10 | Last 30 days)

  • Top Incidents (Top 10)

To filter a widget to display only incidents that match incident starring policies, select the star in the right corner. A purple star indicates that the widget is displaying only starred incidents. The starring filter is persistent and will continue to show the filtered results until you clear the star.

My Dashboard provides an overview of the incidents and MTTR for the logged-in user.

my-dashboard.png

The dashboard includes the following Dashboard Widgets:

  • My Incidents

  • My MTTR by Severity vs Target

  • My Open Incidents By Severity

  • My Incidents Over Time

The NGFW Ingestion Dashboard provides an overview of ingestion status for all log types, the daily quota consumption for NGFW, and a breakdown by log type.

Note

The NGFW Ingestion Dashboard requires a Cortex XDR Pro per GB license.

The dashboard includes the following Dashboard Widgets:

  • NGFW Daily Consumption

  • NGFW Ingestion Rate

  • NGFW Detailed Ingestion by log type

The Security Admin Dashboard displays an overview and detailed information regarding the incidents across your organization and the status of resolved and overdue incidents.

security-admin-dashboard.png

The dashboard includes the following Dashboard Widgets:

  • Incident Status Board—Displays a breakdown of the incidents over the last 30 days, 7 days, or 24 hours.

  • Resolved Incident MTTR—Displays the overall MTTR of all incidents created by severity and the average time it took to resolve the incidents compared to the defined Target MTTR over the last 30 days, 7 days, or 24 hours.

  • Overdue Incidents of Top 5 Assignees—Displays the top 5 assignees by assignee name with the highest number of overdue incidents over the last 30 days, 7 days, or 24 hours according to the incidents creation time.

  • Incidents Over Time—Displays the number of new incidents and resolved incidents over 14 days.

  • Newest Incidents— Display incidents details of the 5 most recent incidents.

The Security Manager Dashboard widgets display general information about Cortex XDR incidents and agents.

Note

The Security Manager Dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.

The dashboard includes the following Dashboard Widgets:

  • Agent Status Breakdown

  • Agent Version Breakdown (Top 5)

  • Incidents by Assignee (Top 10 | Last 30 days)

  • Open Incidents By Severity (Last 30 days)

  • Top Incidents (Top 10)

  • Open Incidents