Dataset Management - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide


This feature requires a Cortex XDR Pro license.

The Dataset Management page enables you to manage your datasets and understand your overall data storage duration for different retention periods based on your Hot and Cold Storage licenses, including retention add-ons to extend your storage. The top of the page is where the details of your data retention licenses are listed.


For more information on license retention and the defaults provided per license, see License Retention.


Cortex XDR enforces retention on all log-type datasets excluding Host Inventory, Vulnerability Assessment, Metrics, and Users.

Hot and Cold Storage


Learn more about how your Hot and Cold Storage licenses are displayed in the Dataset Management page.

Your current hot and cold storage licenses, including the default license retention and any additonal retention add-ons to extend storage, are listed within the Hot Storage License and Cold Storage License sections of the Dataset Management page. Whenever you extend your license retention, depending on your requirements and license add-ons for both Hot Storage and Cold Storage, the add-ons are listed.

Datasets Table


Learn more about the Datasets table in the Dataset Management page.

For each dataset listed in the table, the following information is available.


  • Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.

  • Datasets include dataset permission enforcements in the Cortex Query Language (XQL), Query Center, and XQL Widgets. For example, to view or access any of the endpoints and host_inventory datasets, you need role-based access control (RBAC) permissions to the Endpoint Administration and Host Inventory views. Managed Security Services Providers (MSSP) administration permissions are not enforced on child tenants, but only on the MSSP tenant.