Cloud Command Center - Administrator Guide - Cortex XSIAM - Cortex

Cloud Command Center - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product

Cortex XSIAM

Creation date

2024-02-26

Last date published

2024-04-25

Notice

This feature requires a Cortex XSIAM Enterprise Plus license.

The Cloud Command Center dashboard provides a dynamic overview of your cloud-based security operations with details about your cloud assets and projects, related incidents, risks and vulnerabilities. From the dashboard you can drill down to dedicated views for further investigation into your cloud platform.

The following table describes each section on the Cloud Command Center:

Section	Details
Cloud Assets	Displays information about your cloud platforms, the total number of assets configured per platform, and the total number of cloud projects from of all of your cloud platforms. Hover over the total number of assets to see a breakdown by category. Line colors represent the connectivity status of the assets. You can hover over the lines to see a breakdown of data ingestion, or details of collection errors. If you have the enabled the Unified Inventory, you can click on a cloud platform to drilldown to the assets for the selected platform.
Incidents	Displays the total number of incidents opened in the timeframe that are associated with your cloud assets, broken down by severity. Incidents are broken down into automated and manual incidents, where automated incidents contain at least one playbook. You can also see the top nine open incidents as ranked by SmartScore.
Key performance indicators	Risks identified by Prisma Cloud, including attack paths, vulnerabilities, and misconfigurations. Total number of assets discovered in the cloud. Cloud data ingested by your cloud platforms in the timeframe, including flow logs and audit logs.

Section

Details

Cloud Assets

Displays information about your cloud platforms, the total number of assets configured per platform, and the total number of cloud projects from of all of your cloud platforms. Hover over the total number of assets to see a breakdown by category.

Line colors represent the connectivity status of the assets. You can hover over the lines to see a breakdown of data ingestion, or details of collection errors.

If you have the enabled the Unified Inventory, you can click on a cloud platform to drilldown to the assets for the selected platform.

Incidents

Displays the total number of incidents opened in the timeframe that are associated with your cloud assets, broken down by severity. Incidents are broken down into automated and manual incidents, where automated incidents contain at least one playbook. You can also see the top nine open incidents as ranked by SmartScore.

Key performance indicators

Risks identified by Prisma Cloud, including attack paths, vulnerabilities, and misconfigurations.
Total number of assets discovered in the cloud.
Cloud data ingested by your cloud platforms in the timeframe, including flow logs and audit logs.