Use the Cortex XDR Interface

Get started with the Cortex XDR management console interface.
Before you can get started with Cortex XDR, you must Set up Cortex XDR Prevent.
Cortex XDR provides an easy-to-use interface that you can access from the hub. When you log in to the Cortex XDR management console, you see your default dashboard. If you haven’t customized the dashboard or changed the default, you see the Incident Management Dashboard.
Each SAML login session is valid for 8 hours.
In addition to your main dashboard, and depending on your assigned role, you can explore the menus for other features, as detailed in the following table.
Interface
Description
Dashboard & Reports
From the Dashboard & Reports menu you can view and manage your dashboards and reports from the dashboard and incidents table, and view alert exclusions.
  • Dashboard—Provides dashboards that you can use to view high-level statistics about your agents and incidents.
  • Reports—View all the reports that Cortex XDR administrators have run.
  • Customize—Create and manage new dashboards and reports.
    • Dashboards Manager—Add new dashboards with customized widgets to surface the statistics that matter to you most.
    • Reports Templates—Build reports using pre-defined templates, or customize a report. Reports can be generated on demand or scheduled.
Incident Response
From the Incident Response menu, you can view, manage, investigate and take action on all incidents.
  • Incidents—Investigate and manage your incidents.
  • Response
    • Action Center—Provides a central location from which you can track the progress of all investigation, response, and maintenance actions performed on your endpoints.
    • Live Terminal—Initiate a remote connection to an endpoint enabling you to remotely manage, investigate, and perform response actions on the endpoint.
    • Incident Configuration—Create a starring configuration that automatically categorizes and stars incidents when a related alert contains specific attributes that you define as important.
Endpoints
From the Endpoints menu, you can manage your registered endpoints and configure policy.
  • All Endpoints—View and manage endpoints that have registered with your Cortex XDR instance.
  • Endpoint Groups—Create endpoint groups to which you can perform actions and assign policy.
  • Agent Installations—Create packages of the Cortex XDR agent software for deployment to your endpoints.
  • Policy Management—Configure your endpoint security profiles and assign them to your endpoints.
  • Host Firewall—Control communications on your endpoints by applying sets of rules that allow or block internal and external traffic.
  • Device Control Violations—Monitor all instances where end users attempted to connect restricted USB-connected devices and Cortex XDR blocked them on the endpoint.
  • Disk Encryption Visibility—View and manage endpoints that were encrypted using BitLocker.
Quick Launcher
Open an in-context shortcut that you can use to search for information, perform common investigation tasks, or initiate response actions from any place in the Cortex XDR console.
Settings
From the Settings menu, you can view information about your Cortex XDR license, review logs of actions initiated by Cortex XDR analysts, and configure Cortex XDR settings, integrations with other apps and services, and access management.
Tenant Navigator
View and switch to tenants to which you have access, divided per CSP account. You can also navigate directly to the Cortex Gateway.
Notifications
View Cortex XDR notifications.
User
From the User, see who is logged into Cortex XDR. Right-click and select:
  • About to view additional version and tenant ID information.
  • What’s New to view selected new features available for your license type.
  • Log Out to terminate the connection with your Cortex XDR Management Console.
