Predefined Dashboards - Cortex XDR comes with predefined dashboards for common reports that enable you to monitor the status of your deployment. - Administrator Guide - Cortex XDR - Cortex

Predefined Dashboards - Cortex XDR comes with predefined dashboards for common reports that enable you to monitor the status of your deployment. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product

Cortex XDR

License

Pro

Creation date

2024-07-16

Last date published

2024-12-12

Agent Management dashboard

Abstract

Use the Agent Management dashboard to view information about the agents and endpoints in your system.

The Agent Management dashboard displays at-a-glance information about the endpoints and agents in your deployment.

Note

Support for the Agent Management dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.

The dashboard includes the following Dashboard Widgets:

Agent Status Breakdown
Agent Content Version Breakdown (Top 5)
Agent Version Breakdown (Top 5)
Operating Type Distribution
Top Hosts (Top 10 | Last 30 days)

Cloud Inventory dashboard

Abstract

Use the Cloud Inventory dashboard to get an overview of your cloud-based assets.

The Cloud Inventory dashboard displays an overview of all your assets on the cloud.

The dashboard is comprised of the following :

Accounts by Cloud Provider
Compute Instances Over Time
Assets by Cloud Provider
Assets by Type
Assets by Sub-Type
Assets by Geo Region
Assets by Region
Assets by Responsive Port Number
Responsive Assets Over Time

Data Ingestion dashboard

Abstract

Use the Data Ingestion dashboard to view information about the type and amount of data being ingested by Cortex XDR.

The Data Ingestion dashboard displays an overview and detailed information regarding the type and amount of data ingested by Cortex XDR according to the Products and Vendors used. For example, Syslog Collector, Check Point logs, and authentication logs.

The dashboard is comprised of the following :

Daily Consumption—Stacked graphs measuring your daily data consumption, according to either Vendors (default) or Products, versus your daily consumption limit. Each bar indicates a 24 hour range over the past 14 days. Cortex XDR measures and enforces the 24 hour rage according to UTC, but the graph displays the 24 hour rage according to the selected tenant timezone.
Ingestion Rate—Displays your data ingestion rate, measured in Traffic/ Sec, over the past 24 hours, 7 days, or 30 days filtered according to the type of Vendors (default), Products, or All Sources.
Detailed Ingestion—Table listing for the different Products (default) or Vendors, the LAST SEEN date and time, LAST DAY INGESTED for the amount of data ingested over the last 24 hour range, and the CURRENT DAY INGESTED for the current amount ingested in the past 24 hours. Detailed ingestion for the current 24 hours is updated in 5 minute intervals.

Note

Due to a calculation change in NGFW log ingestion and improvements to data ingestion metrics, you cannot view data earlier than July 2023 on this dashboard. However, you can still view this data by running Cortex XQL Language (XQL) queries on the metrics_center data set.

Incident Management dashboard

Abstract

Use the Incidents Management dashboard to view a summary of incidents in your environment.

The Incidents Management dashboard provides a graphical summary of incidents in your environment, with incidents prioritized and listed by severity, assignee, incident age, and affected hosts.

To filter a widget to display only incidents that match incident starring policies, select the star in the right corner. A purple star indicates that the widget is displaying only starred incidents. The starring filter is persistent and will continue to show the filtered results until you clear the star.

My dashboard

Abstract

Use My Dashboard to view incidents and MTTR for the logged-in user.

My Dashboard provides an overview of the incidents and MTTR for the logged-in user.

The dashboard includes the following Dashboard Widgets:

My Incidents
My MTTR by Severity vs Target
My Open Incidents By Severity
My Incidents Over Time

Network Traffic Analysis (NTA) dashboard

Abstract

Use the Network Traffic Analysis dashboard to visualize and track your network traffic.

The Network Traffic Analysis (NTA) dashboard helps you better visualize and track your Cortex XDR Network Traffic.

The dashboard is comprised of the following sections:

Overview
Threats
Network Zones
Geo Locations
DNS Activity
HTTP Activity
URL Activity

NGFW Ingestion dashboard

Abstract

Use the NGFW Ingestion dashboard to see an overview of ingestion status for all log types, the daily quota consumption for NGFW, and a breakdown by log type.

The NGFW Ingestion Dashboard provides an overview of ingestion status for all log types, the daily quota consumption for NGFW, and a breakdown by log type.

Note

The NGFW Ingestion Dashboard requires a Cortex XDR Pro per GB license.

The dashboard includes the following Dashboard Widgets:

NGFW Daily Consumption
NGFW Ingestion Rate
NGFW Detailed Ingestion by log type

Risk Management dashboard

Abstract

Use the Risk Management dashboard to view alert and incident information against the background of baseline information, to aid in risk assessment.

Note

This dashboard is available only when the Identity Threat Module add-on is enabled.

The Risk Management dashboard presents alert and incident information against the background of baseline information. The widgets in the dashboard enable you to asses the risk your organization faces from compromised accounts and insider threats. The alerts are included in this dashboard if they are tagged by the research as Identity Threat alerts or Identity Analytics alerts. An incident is included in the widgets even if only one alert in the incident is tagged as an Identity threat or an Identity Analytics threat.

Note

The Risk Management dashboard is provided as part of the Identity Threat Module add-on.

The dashboard includes the following Dashboard Widgets, detailed under Metrics Widgets.

Users
Hosts
Identity Alerts and Insights
Score Trend Timeline
Top 10 Incidents
Top 5 Hosts at Risk
Top 5 Users at Risk
Watchlist

Security Admin dashboard

Abstract

Use the Security Admin dashboard to view information about incidents, and the status of resolved and overdue ones.

The Security Admin Dashboard displays an overview and detailed information regarding the incidents across your organization and the status of resolved and overdue incidents.

The dashboard includes the following Dashboard Widgets:

Incident Status Board—Displays a breakdown of the incidents over the last 30 days, 7 days, or 24 hours.
Resolved Incident MTTR—Displays the overall MTTR of all incidents created by severity and the average time it took to resolve the incidents compared to the defined Target MTTR over the last 30 days, 7 days, or 24 hours.
Overdue Incidents of Top 5 Assignees—Displays the top 5 assignees by assignee name with the highest number of overdue incidents over the last 30 days, 7 days, or 24 hours according to the incidents creation time.
Incidents Over Time—Displays the number of new incidents and resolved incidents over 14 days.
Newest Incidents— Display incidents details of the 5 most recent incidents.

Security Manager dashboard

Abstract

Use the Security Manager dashboard to view general information about incidents and agents.

The Security Manager Dashboard widgets display general information about Cortex XDR incidents and agents.

Note

The Security Manager Dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.

The dashboard includes the following Dashboard Widgets:

Agent Status Breakdown
Agent Version Breakdown (Top 5)
Incidents by Assignee (Top 10 | Last 30 days)
Open Incidents By Severity (Last 30 days)
Top Incidents (Top 10)
Open Incidents