Cortex XDR comes with predefined dashboards that display widgets tailored to the dashboard type. You can select any of the predefined dashboards directly from the dashboard menu in → → . You can also select and rename a predefined dashboard in the Dashboard Builder available by clicking + New Dashboard. The types of dashboards that are available to you depend on your license type.
Agent Management Dashboard
Use the Agent Management dashboard to view information about the agents and endpoints in your system.
The Agent Management dashboard displays at-a-glance information about the endpoints and agents in your deployment.
Note
Support for the Agent Management dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.
The dashboard includes the following Dashboard Widgets:
Agent Status Breakdown
Agent Content Version Breakdown (Top 5)
Agent Version Breakdown (Top 5)
Operating Type Distribution
Top Hosts (Top 10 | Last 30 days)
Cloud Inventory Dashboard
Use the Cloud Inventory dashboard to get an overview of your cloud-based assets.
The Cloud Inventory dashboard displays an overview of all your assets on the cloud.
The dashboard is comprised of the following:
Accounts by Cloud Provider
Compute Instances Over Time
Assets by Cloud Provider
Assets by Type
Assets by Sub-Type
Assets by Geo Region
Assets by Region
Assets by Responsive Port Number
Responsive Assets Over Time
Data Ingestion Dashboard
Use the Data Ingestion dashboard to view information about the type and amount of data being ingested by Cortex XDR.
The Data Ingestion dashboard displays an overview and detailed information regarding the type and amount of data ingested by Cortex XDR according to the Products and Vendors used, for example, Syslog Collector, Check Point logs, and authentication logs.
The dashboard is comprised of the following:
Daily Consumption—Stacked graphs measuring your daily data consumption, according to either Vendors (default) or Products, versus your daily consumption limit. Each bar indicates a 24-hour range over the past 14 days. Cortex XDR measures and enforces the 24-hour range according to UTC, but the graph displays the 24-hour range according to the selected tenant timezone.
Ingestion Rate—Displays your data ingestion rate, measured in Traffic/ Sec, over the past 24 hours, 7 days, or 30 days filtered according to the type of Vendors (default), Products, or All Sources.
Detailed Ingestion—Table listing, for the different Products (default) or Vendors, the LAST SEEN date and time, the LAST DAY INGESTED value for the amount of data ingested over the last 24-hour range, and the CURRENT DAY INGESTED value for the current amount ingested in the past 24 hours. Detailed ingestion for the current 24 hours is updated at 5-minute intervals.
Note
Due to a calculation change in NGFW log ingestion and improvements to data ingestion metrics, you cannot view data earlier than July 2023 on this dashboard. However, you can still view this data by running Cortex XQL Language (XQL) queries on the metrics_center data set.
Incident Management Dashboard
Use the Incidents Management dashboard to view a summary of incidents in your environment.
The Incidents Management dashboard provides a graphical summary of incidents in your environment, with incidents prioritized and listed by severity, assignee, incident age, and affected hosts.
The dashboard includes the following Dashboard Widgets:
Incidents by Assignee (Top 10 | Last 30 days)
Open Incidents
Open Incidents By Severity (Last 30 days)
Top Incidents (Top 10)
To filter a widget to display only incidents that match incident starring policies, select the star in the right corner. A purple star indicates that the widget is displaying only starred incidents. The starring filter is persistent and will continue to show the filtered results until you clear the star.
My Dashboard
Use My Dashboard to view incidents and MTTR for the logged-in user.
My Dashboard provides an overview of the incidents and MTTR for the logged-in user.