Dashboard Widgets

Cortex XDR Prevent Administrator Guide

Product: Cortex XDR
License: Prevent
Creation date: 2024-02-26
Last date published: 2024-04-18
Category: Administrator Guide
Abstract

Learn about the widgets that you can use on your Cortex XDR custom dashboards.

Cortex XDR provides the following list of widgets to help you create dashboards and reports displaying summarized information about your endpoints.

Widget Name

Description

Agent Content Version Breakdown

Displays the total number of registered Cortex XDR agents and the distribution of agents by content update version.

Agent Status Breakdown

Displays the total number of Cortex XDR agents, broken down by agent status.

Agent Upgrade Failure Reasons

Displays the reasons for upgrade failures. Clickable links provide more details for each one.

Agent Upgrade Statuses

Displays the number of agents currently reporting each upgrade status category. Clickable links provide more details for each one.

Agent Version Breakdown

Displays the total number of registered Cortex XDR agents and the distribution of agents by agent version.

Failed Agent Upgrades over Time

Displays failed upgrade trends over time. You can scope the graph by time range (last 24 hours, 7 days, or 30 days), by agent status (connected, disconnected, connection lost, uninstalled), or by agent group.

Number of Installed Agents

Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.

Operating System Type Distribution

Displays the total number of registered agents and their distribution according to the operating system.

Successful Agent Upgrades over Time

Displays successful upgrade trends over time. You can scope the graph by time range (last 24 hours, 7 days, or 30 days), by agent status (connected, disconnected, connection lost, uninstalled), or by agent group.

Widget Name

Description

Managed Assets vs Unmanaged Assets

Displays a detailed breakdown of your active managed and unmanaged assets.

Number of Installed Agents

Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.

Operating System Type Distribution

Displays the total number of registered agents and their distribution according to the operating system.

Top 5 Notable Users

Displays the top 5 users with the highest User Score. Select a user to pivot to the User View.

Widget Name

Description

Custom Widget

Displays a visualization (a chart, graph, or another visualization type) of the results of an XQL Search.

See the XQL Language Reference guide for detailed information about creating an XQL Search Query.

(Requires a Cortex XDR Host Insights Add-on)

Widget Name

Description

CVEs By Severity

Provides a summary of the total number of CVEs present in your network, broken down by critical, high, medium, and low severity.

Click a severity to open a filtered view of the CVEs.

Top CVEs By Affected Endpoints

Displays the top critical, high, and medium severity CVEs currently present in your network, ranked by the total number of endpoints affected by each CVE.

Click a CVE to open a filtered view of all affected endpoints.

Top Vulnerable Applications

Displays the most vulnerable applications, that is, those with the highest number of critical, high, and medium severity CVEs. Cortex XDR calculates vulnerabilities separately for each application version running on each operating system.

Click an application to open a filtered view of all existing CVEs for the selected application.

Top Vulnerable Endpoints

Displays the most vulnerable endpoints with the highest number of critical, high, and medium CVEs.

Click a host to open a filtered view of all existing CVEs for the selected host.

Vulnerabilities On All Endpoints Over Time

Displays CVEs over time across your network.

Select the time scope in the upper right to view the number of CVEs over the last 24 hours, 7 days, or 30 days.

Hover over the graph to view the number of existing CVEs on a specific day.

Widget Name

Description

Incidents By Assignee

Displays the top 10 users that are assigned the highest number of incidents over the last 30 days. For each assignee, the widget displays the distribution of Aged and Total Open incidents. Aged incidents are incidents that have remained unresolved for more than one week.

Select an assignee to open the incidents table filtered to display incidents that are assigned to the selected assignee.

Incidents By MITRE ATT&CK

Displays a breakdown of the number of incidents associated with each MITRE ATT&CK tactic and technique over the last 30 days, 7 days, 24 hours, or a custom time range, according to the incident creation time.

Select a tactic or technique to pivot to the Incidents Table filtered according to the tactic/technique and creation time.

Incidents By Status

Provides a summary of the total current number of open incidents according to status. Click a status to open a filtered view of the incidents.

Incidents by Status Duration (Last 30 Days)

Displays the average, maximum, and minimum time that incidents stayed in a given status over the last 30 days.

Click the maximum or minimum time for a status to open the incident that produced that maximum or minimum value.

Incidents Status Board

Displays the last 30 days, 7 days, or 24 hours of the following information according to the incidents creation time:

  • Total number of open incidents, how many are unassigned, and how many are overdue, broken down by incident severity.

  • Breakdown of open incidents according to the status New and Under Investigation.

  • Breakdown of resolved incidents according to resolved reason.

For further investigation, select each of the available breakdowns to pivot to the Incident table sorted according to the incident creation time and selected breakdown.

Incidents Over Time

Displays the following information over the past 14 days:

  • Number of new incidents created per day.

  • Number of resolved incidents per day.

For further investigation, select each of the bars to pivot to the Incident table sorted according to the creation date within the selected 24 hours.

My Incidents

Displays all active incidents assigned to the logged-in user, sorted according to the creation date. You can sort the list by age, severity, or score.

My Incidents Over Time

Displays the daily number of new and resolved incidents assigned to the logged-in user for the past 14 days.

My Open Incidents by Severity

Displays a breakdown of open incidents assigned to the logged-in user, grouped by severity, over the last 30 days. Click a severity level to open a list of incidents filtered by that severity level.

My MTTR

Displays the Mean Time to Resolve (MTTR) incidents assigned to the logged-in user, compared to the defined Target MTTR. Available date filters are 24 hours, 7 days, and 30 days.

Newest Incidents

Displays the following details for the 5 most recent incidents:

  • Starred

  • Severity

  • ID

  • Score

  • Description

  • Creation time

Overdue Incidents of top 5 Assignees

Displays the last 30 days, 7 days, or 24 hours of the following information according to the incidents creation time:

  • Top 5 assignees, by assignee name, with the highest number of overdue incidents.

For further investigation, select a user to pivot to the Incident table filtered according to the incident creation time and assignee.

Resolved Incidents by Assignee

Displays a breakdown of the top five users with the most resolved incidents assigned to them according to the incident creation time.

For further investigation, select an assignee to pivot to the Incidents table filtered according to the assignee and the resolved incident resolution time.

Resolved Incidents MTTR

Displays the following information for the last 30 days, 7 days, or 24 hours, according to incident creation time and resolved status:

  • Total Mean Time to Resolve (MTTR) of all incidents created during the selected time frame, broken down by severity, and the average time it took to resolve them compared to the defined Target MTTR.

For further investigation, select a severity bar to pivot to the Incident table filtered according to the incident creation time and severity.

Widget Name

Description

Data Usage Breakdown

Displays a timeline of the consumption of Cortex XDR data in TB. Hover over the graph to see the amount at a specific time.

Detection By Actions

Displays the top five actions performed on alerts or incidents. In the upper right corner:

  • Toggle between alerts and incidents

  • Select to view the number of alerts/incidents per action over the last 24 hours, 7 days, or 30 days

Detections By Category

Displays the top five categories of alerts or incidents. In the upper right corner:

  • Toggle between alerts and incidents

  • Select to view the number of alerts/incidents per category over the last 24 hours, 7 days, or 30 days

Detection By Source

Displays the top five sources of alerts or incidents. In the upper right corner:

  • Toggle between alerts and incidents

  • Select to view the number of alerts/incidents per source over the last 24 hours, 7 days, or 30 days

Open Incidents

Displays a timeline of aged versus open incidents, or of open alerts. Aged incidents and alerts are those that have remained unresolved for more than one week.

Refine the data in the graph from the widget menu. You can select the time frame, detection type, and group the data by hour, day, or week.

Hover over the graph to view additional details.

Open Incidents by Assignee Over Time (Top 10)

Displays the top ten assignees with the highest number of assigned incidents over a selected time frame.

Refine the data in the graph from the widget menu. You can select the time frame, group the data by hour, day, or week, and select specific assignees or unassigned incidents.

Open Incidents by Severity

Displays the total open incidents over the last 30 days according to severity.

Select a severity to open a filtered view of incidents by the selected severity.

Response Action Breakdown

Displays the top response actions taken in the Action Center over the last 24 hours, 7 days, or 30 days.

Top Hosts

Displays the top ten hosts with the highest number of incidents in order of severity over the last 30 days. Incidents are color-coded: red for high severity and yellow for medium severity.

Click a host to open a filtered view of all open incidents for the selected host.

Top Incidents

Displays the top ten current incidents with the highest number of alerts according to severity over the last 30 days, together with each incident's score. Alerts are color-coded: red for high severity and yellow for medium severity.

Click a severity to open a filtered view of all open alerts for the selected incident.

Top incidents can be sorted by score.

Widget Name

Description

Ingestion Rate

Displays the rate at which Cortex XDR consumes data ingested from a specific vendor or product over the past 24 hours, 7 days, or 30 days. All ingestion rates are measured in bytes per second.

Daily Consumption

Displays a breakdown comparing the product/vendor consumption against your allowed daily limit over the past 24 hours, displayed in UTC.

The daily limit is calculated according to your license: Amount of TB / 30 days

Note

If the ingestion rate has exceeded your daily limit, Cortex XDR issues a notification through the Notification Center and by email. After 3 consecutive days of exceeding the daily limit, Cortex XDR stops ingesting the data that exceeds the daily limit.

Detailed Ingestion

Displays a breakdown of ingestion data per vendor or product over the past 30 days.

Filter the following information for each source:

  • Product/Vendor—Name of the selected product or vendor.

  • First Seen—Timestamp of when data from the product/vendor was first ingested.

  • Last Seen—Timestamp of when data from the product/vendor was last ingested.

  • Last Day Ingested—Amount of data ingested over the past 30 days.

  • Current Day Ingested—Amount of data ingested over the past 24 hours.

Widget Name

Description

Free Text

Displays a text box into which you can enter free text.

Header

Displays a title containing free text, for example the name and description of a report or dashboard, a customer name, a tenant ID, or a date.