Learn more about predefined dashboards, which are out-of-the-box dashboards providedby Palo Alto Networks.
Cortex XSIAM provides predefined dashboards that display widgets tailored to the dashboard type. The dashboards can help you monitor different aspects of your environment. To access your default dashboard, select Dashboards & Reports → Dashboard. From the dashboard header, a drop-down menu lists all available predefined and custom dashboards. The available dashboards depend on your license type.
Since predefined dashboards are system-managed and cannot be edited or deleted, you can create your own copy of a dashboard by selecting Save as new. This allows you to edit the widgets and configuration from your own custom version while preserving the original one.
Since these dashboards are provided directly by Palo Alto Networks, they follow a standard access model:
Always Public: These dashboards are always Public and visible to all authorized users. Unlike custom dashboards, you do not need to manage a list of who can see them.
Role permissions: Your visibility and access to these dashboards are set by your administrator through your user role. If you are unable to view specific dashboards or perform certain actions, contact your administrator to ensure your role permissions are configured correctly.
Data scoping: While the dashboard structure is public, the data you see within the widgets is automatically filtered based on your authorized data scope. For example, you will only see information for the asset groups you are permitted to view.
Dashboard name | Description |
|---|---|
Agent Management | Provides an overview of the deployed agents in your organization, their statuses and content versions, and a breakdown by OS type. NoteRequires Cortex XSIAM Premium, Enterprise, or any other XSIAM license that includes the Enterprise Runtime or Cloud Runtime Security add-on. |
AI Security | The Cortex Cloud AI Security overview dashboard serves as the central hub for information on the AI ecosystem within the organization. It provides a comprehensive overview of AI security posture and is designed to help users quickly access relevant information. The layout and organization of the dashboard are tailored to guide you in understanding the AI environment and determining the next steps to take for effective AI governance. For more information, see What is Cortex Cloud AI Security?. |
API security Management | Provides an overview of your API security landscape. You can view all the information and statistics applicable to threats and vulnerabilities of APIs across the cloud and services in your environment. Using this information, you can manage and implement security measures to safeguard the APIs running in your environment. The predefined dashboard for API security management, you can view data for:
|
Application Security | Provides an overview of application security posture with asset and code/pipeline issue insights. |
Attack Surface Management | Provides an overview of assets that are exposed to the Internet, and a breakdown of cases related to attack surface exposure. NoticeRequires the Cortex XSIAM Premium license or any other XSIAM license with the Attack Surface Management (ASM) add-on. |
Automation Insights | Provides a high-level overview of automation, focusing on issues automatically closed and execution trends. |
Cloud Inventory | Provides an overview of your cloud-based assets. NoteRequires a Cortex XSIAM Enterprise Plus license. |
Compliance Overview | Provides a centralized view of your organization's compliance performance against industry standards and your own internal security frameworks. For more information, see Compliance Overview Dashboard. |
Cortex Cloud Command Center | A central hub that provides a prioritized high-level summary of cloud accounts, provider scanning health, and asset distribution across all cloud providers, tracking progress over time with 90-day trends for Threat and Posture cases. For more information, see Cortex Cloud Command Center. NoticeThis feature is included with a Cloud Runtime Security, Cloud Posture Security, or Cortex XSIAM Premium license. |
Cloud Security Operations | Provides an overview of your cloud security operations dashboard helps you rapidly assess your security posture and resolve issues with the largest impact. For more information, see Cloud Security Operations. |
Data Ingestion | Provides an overview of data ingestion by product and vendor, the daily quota consumption, and your data ingestion rate. Due to a calculation change in NGFW log ingestion and improvements to data ingestion metrics, you cannot view data earlier than July 2023 on this dashboard. However, you can still view this data by running Cortex Query Language (XQL) queries on the |
Data Security | Discover and visualize all your data assets across the different cloud services, which will help you understand where the sensitive data is, how it is used and how it is moving across the organization. For more information, see What is Cortex Cloud Data Security?. |
Identity Security | You can use the Identity Security dashboard to ensure that your identity estate is fully covered from a security perspective. The Identity Security dashboard helps you perform actions such as monitoring your identity inventory, detecting the top critical issues and findings in your environment, identifying risky identities, discovering admins and admins at risk, and analyzing 3rd-party access. For more information, see What is Cortex Cloud Identity Security?. |
IT Metrics | Provides an overview of IT performance on your Cortex XDR agent, including CPU and memory performance data, connectivity data, and data about hard reboots and crashed applications. The Applications Crashing widget is supported for Windows agents only. NoteRequires Cortex XSIAM Premium, Enterprise, or any other XSIAM license that includes the Enterprise Runtime add-on. |
KSPM | Provides insights into your Kubernetes environment, including clusters, assets, and resources. Receive critical security information related to vulnerabilities, malware, secrets, and other available scanners. Identify areas lacking protection and take action to secure your clusters. For more information on onboarding your Kubernetes environment, see Onboard the Kubernetes Connector. NoteUsers can access all information on the dashboard when their user access is scoped to view All assets or assigned to the Instance Administrator role. Otherwise, users with granular scoping set to No assets or Select asset groups will have limited access to the dashboard. For more information on Scope-Based Access Control (SBAC), see Manage user scope.Manage user scope |
MITRE ATT&CK Framework Coverage | Provides a comprehensive overview of the Cortex XSIAM content and capabilities in context with the MITRE ATT&CK framework. For more information, see Review MITRE ATT&CK framework coverage. |
My Dashboard | Provides an overview of the cases and MTTR for the logged-in user. |
Network Traffic Analysis (NTA) | Provides an overview of network traffic analysis, highlighting key pieces of information. |
NGFW Ingestion | Provides an overview of ingestion status for all log types, the daily quota consumption for NGFW, and a breakdown by log type. |
Risk Management | Provides issue and case information to aid in risk assessment by highlighting information about compromised accounts and insider threats. The issues displayed in this dashboard are tagged by the research as Identity Threat issues or Identity Analytics issues. A case is displayed if any of its associated issues are tagged as an Identity threat or an Identity Analytics threat. NoticeRequires the ITDR add-on. |
Security Manager | Provides general information about Cortex XSIAM cases and agents. |
Threat Intel Management | Provides information about malicious or suspicious indicators in cases. |
Troubleshooting Instances | Provides a detailed view of command and execution errors at the instance level, helping diagnose and resolve issues with specific integrations. |
Troubleshooting Playbooks | Provides the ability to identify and resolve issues with playbooks and tasks through focused error analysis and runtime metrics. |