Use the Cortex XDR Interface

Get started with the Cortex XDR management console interface.
Before you can get started with Cortex XDR, you must Set up Cortex XDR Prevent.
Cortex XDR provides an easy-to-use interface that you can access from the hub. When you log in to the Cortex XDR management console, you see your default dashboard. If you haven’t customized the dashboard or changed the default, you see the Incident Management Dashboard.
Each SAML login session is valid for 8 hours.
In addition to your main dashboard, and depending on your assigned role, you can explore the menus for other features, as detailed in the following table.
1. Reporting
From the Reporting menu you can view and manage your dashboards and reports from the dashboard and incidents table, and view alert exclusions.
  • Dashboard
    —Provides dashboards that you can use to view high-level statistics about your agents and incidents.
  • Dashboards Manager
    —Add new dashboards with customized widgets to surface the statistics that matter to you most.
  • Reports
    —View all the reports that Cortex XDR administrators have run.
  • Reports Templates
    —Build reports using pre-defined templates, or customize a report. Reports can be generated on demand or scheduled.
2. Investigation
From the Investigation menu, you can view all incidents in table form and configure alert starring (prioritization) policies.
3. Response
From the Response menu you can take action to respond to threats. For example, you can open a Live Terminal connection to an endpoint to investigate processes and files locally.
4. Endpoints
From the Endpoints menu, you can manage your registered endpoints and configure policy.
  • Endpoint Management
    —View and manage endpoints that have registered with your Cortex XDR instance.
    • Endpoint Administration
      —View and manage endpoints that have registered with your Cortex XDR instance.
    • Endpoint Groups
      —Create endpoint groups to which you can perform actions and assign policy.
    • Agent Installations
      —Create packages of the Cortex XDR agent software for deployment to your endpoints.
  • Policy Management
    —Configure your endpoint security profiles and assign them to your endpoints. You can also define policy exceptions and configure Device Control for USB-connected devices.
  • Device Control Violations
    —Monitor all instances where end users attempted to connect restricted USB-connected devices and Cortex XDR blocked them on the endpoint.
  • Disk Encryption Visibility
    —View and manage endpoints that were encrypted using BitLocker.
5. Settings and management
From the gear menu, you can view information about your Cortex XDR license, view logs related to administrative and endpoint system activity, and manage other settings and integrations for your Cortex XDR instance.
6. Notifications
View Cortex XDR notifications.
7. User
From the User menu, see who is logged in to Cortex XDR. Right-click and select:
  • About
    to view additional version and tenant ID information.
  • What’s New
    to view selected new features available for your license type.
  • Hide / Show Guide Center
    to toggle the display of the Guide Center icon.
  • Log Out
    to terminate the connection with your Cortex XDR Management Console.
The following topics describe additional management actions you can perform on page results:
