Use the Cortex XDR Interface
Get started with the Cortex XDR interface.
Cortex XDR provides an easy-to-use interface that you can access from the Cortex hub. The first time you log in to the Cortex XDR app, you see the Incidents Dashboard. On subsequent logins, the app displays the Incidents table as the first page; however, you can return to the dashboard from the Incidents menu at any time.
In addition to the Incidents pages, and depending on your assigned role, you can explore the following areas in the app.
1. Incidents
From the Incidents menu you can view and investigate incidents from the dashboard and the incidents table, and view alert exclusions.
2. Investigation
From the Investigation menu you can investigate a lead or hunt for threats. You can access the Query Builder to search logs from your Palo Alto Networks sensors, the Query Center to view the status of all queries, and Scheduled Queries to view the status of recurring queries and modify their frequency.
3. Rules
From the Rules menu you can create new rules to help improve your security posture. As you investigate and research threats and uncover specific indicators and behaviors associated with a threat, you can create rules that detect the behavior and alert you when it occurs.
4. Response
From the Response menu you can take action to respond to threats. You can open a Live Terminal connection to an endpoint to investigate processes and files locally, and you can add malicious domains and IP addresses to an external dynamic list (EDL) that your Palo Alto Networks firewall can enforce.
5. Settings and management
From the gear icon, you can view a log of actions initiated by Cortex XDR analysts, configure Cortex XDR settings to integrate with other apps and services, and manage settings for the analytics engine. From this area you can also:
- View Cortex XDR notifications, such as when a query completes.
- See which user is logged in to the Cortex XDR app and additional information about the app, including EDR log data retention.
The following topics describe additional management actions you can perform on page results: