Build a Custom Dashboard - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-05-22
Category
Administrator Guide
Abstract

You can customize the Cortex XSIAM dashboard to display and filter information that is most relevant to you and best presented for your review.

To create purposeful dashboards, consider the information that you require in your day-to-day operations. When you create a dashboard, you select widgets from the widget library and choose their placement on the dashboard.

If you include Custom Cortex Query Language (XQL) widgets with parameter filters, you configure the parameters to filter widget data on the dashboard. When you generate the dashboard, the header displays all defined filters. You can update the values directly in the header to alter the scope of the dashboard. For more information, see Using dashboard filters and inputs.

  1. Select Dashboards & ReportsCustomizeDashboards Manager+ New Dashboard.

  2. In the Dashboard Builder, enter a unique Dashboard Name and an optional Description of the dashboard.

  3. Choose the Dashboard Type and click Next.

    You can use an existing dashboard as a template, or you can build a new dashboard from scratch.

  4. Customize your dashboard.

    To get a feel for how the data will look, Cortex XSIAM provides mock data. To see how the dashboard would look with real data in your environment, you can use the toggle above the dashboard to use Real Data.

  5. Add widgets to the dashboard. From the widget library, drag and drop widgets on to the dashboard.

    1. For agent-related widgets, limit the results to only the endpoints that belong to the group by applying an endpoint scope.

      Select the menu on the top right corner of the widget, select Groups, and select one or more endpoint groups.

    2. For incident-related widgets, select the star to display only incidents that match an incident starring configuration on your dashboard, if desired. A purple star indicates that the widget is displaying only starred incidents (see Manage Incident Starring).

  6. (Optional) If your dashboard includes XQL widgets with dynamic parameters, you can Add FILTERS & INPUTS. For more information, see Configuring Filters, Inputs, and Drilldowns.

  7. (Optional) If your dashboard includes XQL widgets, you can configure drilldowns.

  8. Set a Time Range for your dashboard.

    By default, the widgets use the dashboard time frame. You can change the widget time frame by selecting the menu in the top right corner of the widget.

  9. When you have finished customizing your dashboard, click Next.

  10. To set the custom dashboard as your default dashboard, select Define as default dashboard.

  11. To keep this dashboard visible only for you, select Private.

    Otherwise, the dashboard is public and visible to all Cortex XSIAM app users with the appropriate roles to view dashboards.

  12. Generate your dashboard.