Navigation Cheat Sheet - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide
Product
Cortex XPANSE
Version
2
Creation date
2024-03-28
Last date published
2024-04-14
Category
User Guide
Solution
Cloud
Abstract

Cortex Xpanse provides an easy-to-use interface.

Cortex Xpanse provides an easy-to-use interface. By default, Cortex Xpanse displays the Home dashboard when you log in. If desired, you can change the default dashboard. See the Dashboards section for more information.

Depending on your assigned role, you can explore the following areas in Expander.

Main Menu

Menu Item

Description

Dashboards

From the Dashboard menu, you can view the out-of-the-box dashboards and create, edit, and view custom dashboards.

  • Out-of-the-box dashboards—Provide high-level statistics about your assets and incidents. Out-of-the-box dashboards include the Home, Attack Surface Management, Incident Management, Unmanaged Cloud, Security Rating, and Websites dashboards.

  • Other Dashboards—Additional out-of-the-box dashboards that aren't listed in the top-level dashboards menu, including Security Admin, My Overview, and Attack Surface Compliance Violations dashboards.

  • My Dashboards—Custom dashboards that you created.

  • Dashboards Manager—Add new dashboards with customized widgets to surface the statistics that matter to you most

  • Widget Library—Search, view, edit, and create widgets based on predefined widgets and user-created custom widgets.

Reports

From the Reports menu, you can view and manage your existing reports, create new reports, and schedule reports.

  • Reports—View and download existing reports.

  • Reports Templates—Build reports using pre-defined templates, or customize a report. Reports can be generated on-demand scheduled

Incident Response

From the Incident Response menu, you can view, manage, investigate and take action on all incidents.

  • Incidents—Investigate, manage, and resolve your incidents and alerts.

  • Threat Response Center—Review emergent and global threat events, assess the impact to your organization, and build a remediation plan.

Asset Inventory

From the Assets Inventory menu, you can view and investigate the assets and other inventory items attributed to your organization.

  • Unified Inventory—Comprehensive list of all domains, certificates, cloud compute instances, and unassociated responsive IPs.

  • Domains—List of domains and subdomains attributed to your organization.

  • Certificates—List of certificates attributed to your organization.

  • Owned Responsive IPs—List of IP addresses that expose a service and are part of an IP range that has been attributed to your organization.

  • Cloud Inventory—List of assets that were reported by a cloud provider or Prisma Cloud integration.

  • Services—List of external services, which are servers running on an IP:port or a domain:port that respond to scanners on some protocol.

  • Owned IP Ranges—List of IP address ranges attributed to your organization

  • Websites—List of web assets attributed to your organization.

Rules

From the Policies and Rules menu, you can customize the way Expander creates, prioritizes, and responds to alerts.

  • Attack Surface Rules—View and manage the list of attack surface rules that trigger alerts.

  • Risk Scoring—Enable or disable Xpanse Risk Scoring and configure User Scoring Rules.

  • Alert Exclusions—Create rules to filter out alerts and incidents from the Expander UI.

  • Remediation Path Rules—Create rules to tell the Active Response module which remediation approach to take when responding to alerts.

  • Asset Tag Rules—Create rules to automatically tag existing and new assets.

Automation

From the Automation menu, you can configure integrations and playbooks.

  • Configuration—View and configure your automation integrations.

Marketplace

Marketplace provides access to integrations that extend the functionality of Cortex Xpanse and allow communication with third-party services.

Settings

You can find many of the system-wide settings under Settings in the main menu.

Menu Item

Description

dark-mode.png

(Dark Mode/Light Mode)

Toggle between dark mode and light mode by using the sun and moon icons next to the Settings menu option.

Cortex Xpanse License

View information about your Expander license, expiry dates, AUM, and Addon modules.

Management Audit Logs

View and export a historical audit trail of user actions in Expander.

Configurations

Server Settings

Configure keyboard shortcuts, timestamp format, ingestion evaluation mode, and other custom server settings.

Security Settings

Manage sessions, user expiration, and allowed domains.

Notifications

Set up notifications for alerts and management audit logs.

Collection Integrations

Configure installed collection integrations.

Automation Integrations

Configure installed automation integrations.

API Keys

Generate Cortex Xpanse API keys.

Users

View and manage users. Add/edit roles, user groups, accumulated permissions, import multiple user roles, etc.

Roles

View, create, edit, and delete user roles.

User Groups

View and manage user groups. Import a group from Active Directory and manage user groups

Single-Sign On

Set up SSO using SAML 2.0.

Notifications

View Cortex Xpanse notifications.

User (Username)

Click on your username to see the following options:

  • About to view additional version and tenant ID information.

  • What's New in This Release to learn about the key features in the latest release.

  • Xpanse What’s New to view an overview of Cortex Xpanse functionality.

  • Log Out to terminate the connection with Cortex Xpanse Expander.