Dynamic View - See an overview of Cortex XSIAM activity in real-time on the Dynamic View. - Administrator Guide - Cortex XSIAM - Cortex

Dynamic View - See an overview of Cortex XSIAM activity in real-time on the Dynamic View. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-16

Category

Administrator Guide

Abstract

See an overview of Cortex XSIAM activity in real-time on the Dynamic View.

The Dynamic View provides an overview of Cortex XSIAM activity in real-time. You can see the data sources that are sending data to Cortex XSIAM, data sources with connection errors, playbooks being triggered, and the issues and cases being created.

To access the Dynamic View click on the concentric circle in the XSIAM Command Center. The Dynamic View includes the concentric circle, the live feed, and the key performance indicators. The following table describes each of these sections:

Section	Details
Concentric circle	Shows an animation of Cortex XSIAM activity in real-time. Icons represent issues and cases. Data sources are displayed on the outside of the circle, and are color coordinated to represent their connection status. The center of the circle displays statistics about open cases, automatically resolved cases, and manually resolved cases. Click on any of the elements to drilldown to dedicated pages for further investigation.
Live feed	Reports the following types of activity on the tenant: An issue is added to a case. A case is created, resolved, or reopened. A playbook is triggered. A data source ingested data. A data source is in error status. Click on any of the live feed elements to link to dedicated pages that can assist you with your investigation.
Key performance indicators	Displays information about data ingested during the time frame, and the number of open cases. The ingestion rate trend percentage is calculated by comparing the ingestion total of the current time frame with the ingestion total of the previous time frame. An arrow indicates whether the rates are rising or falling in comparison to the previous time frame's total. Click on the key performance indicators to drilldown to dedicated pages for further investigation.

Section

Details

Concentric circle

Shows an animation of Cortex XSIAM activity in real-time. Icons represent issues and cases. Data sources are displayed on the outside of the circle, and are color coordinated to represent their connection status. The center of the circle displays statistics about open cases, automatically resolved cases, and manually resolved cases.

Click on any of the elements to drilldown to dedicated pages for further investigation.

Live feed

Reports the following types of activity on the tenant:

An issue is added to a case.
A case is created, resolved, or reopened.
A playbook is triggered.
A data source ingested data.
A data source is in error status.

Click on any of the live feed elements to link to dedicated pages that can assist you with your investigation.

Key performance indicators

Displays information about data ingested during the time frame, and the number of open cases. The ingestion rate trend percentage is calculated by comparing the ingestion total of the current time frame with the ingestion total of the previous time frame. An arrow indicates whether the rates are rising or falling in comparison to the previous time frame's total.

Click on the key performance indicators to drilldown to dedicated pages for further investigation.