In the Cortex® XDR™ management console, you can filter page results, manage columns and rows, and save or share the filters.
Most pages in Cortex XDR present data in table format and provide controls to help you manage and filter the results. If additional views or actions are available for a specific value, you can pivot (right-click) from the value in the table. For example, you can view the incident details, pivot to the Causality View for an alert, or pivot to the results for a query.
On most pages, you can also refresh the content on the page.
To manage tables in the app:
Filter Page Results
To reduce the number of results, you can filter by any heading and value. When you apply a filter, Cortex XDR displays the filter criteria above the results table. You can also filter individual columns for specific values using the icon to the right of the column heading.
Some fields also support additional operators such as
There are three ways you can filter results:
- By column using the filter next to a field heading
- By building a filter query for one or more fields using the filter builder
- By pivoting from the contents of a cell (show or hide rows containing)
Filters are persistent. When you navigate away from the page and return, any filters you added remain active.
To build a filter using one or more fields:
- From a Cortex XDR page, select filter. Cortex XDR adds the filter criteria above the top of the table. For example, on the filter page:
- For each field you want to filter:
- Select or search the field.
- Select the operator by which to match the criteria. In most cases this will be = to include results that match the value you specify, or != to exclude results that match the value.
- Enter a value to complete the filter criteria. CMD fields have a 128 character limit. Shorten longer query strings to 127 characters and add an asterisk (*). Alternatively, you can select Include empty values to create a filter that excludes or includes results when the field has an empty value.
- To add additional filters, click +AND (within the filter brackets) to display results that must match all specified criteria, or +OR to display results that match any of the criteria.
- Click out of the filter area into the results table to see the results.
- Next steps:
Export Results to File
If needed, you can export the page results for most pages in Cortex XDR to a tab separated values (TSV) file.
- (Optional) Filter Page Results to reduce the number of results for export.
- Select export to file. Cortex XDR exports any results matching your applied filters in TSV format. The TSV format requires a tab separator; automatic detection does not work in case of multi-event exports.
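The following Python sketch is an added example, not Palo Alto Networks code. It ties together the 127-character-plus-asterisk rule for CMD filter values and the requirement to read the exported TSV with an explicit tab separator. The `Host` and `CMD` column names, the sample rows, the unquoted export format, and the prefix-match reading of the trailing asterisk are assumptions.

```python
import csv
import io

CMD_LIMIT = 128  # CMD filter limit stated on this page

def cmd_filter_value(cmd):
    """Shorten a long command line to 127 characters plus '*'."""
    return cmd if len(cmd) <= CMD_LIMIT else cmd[:CMD_LIMIT - 1] + "*"

def read_export(text):
    """Parse exported TSV with an explicit tab delimiter (no sniffing)."""
    # Assumption: fields are unquoted, so QUOTE_NONE keeps any quotes
    # inside a command line as literal characters.
    return list(csv.DictReader(io.StringIO(text), delimiter="\t",
                               quoting=csv.QUOTE_NONE))

def matches(filter_value, cmd):
    """Assumed semantics: trailing '*' is a prefix match, else exact."""
    if filter_value.endswith("*"):
        return cmd.startswith(filter_value[:-1])
    return cmd == filter_value

def hosts_matching(text, filter_value):
    """Hosts whose CMD column matches the filter value."""
    return [r["Host"] for r in read_export(text)
            if matches(filter_value, r["CMD"])]

# Constructed sample data (hypothetical column names and values).
PREFIX = "powershell.exe -NoProfile -Command " + "A" * 120
LONG_A = PREFIX + " -Tail one"
LONG_B = PREFIX + " -Tail two"
SHORT = 'cmd.exe /c dir "C:\\Users", D:\\Data'  # comma and quotes in a field
SAMPLE_TSV = "Host\tCMD\n" + "".join(
    f"{h}\t{c}\n"
    for h, c in [("host-a", LONG_A), ("host-b", LONG_B), ("host-c", SHORT)])

if __name__ == "__main__":
    value = cmd_filter_value(LONG_A)
    print(len(value), hosts_matching(SAMPLE_TSV, value))
```

Because the shortened value keeps only the first 127 characters, two command lines that differ only after that point match the same filter, so review the tail of each command in the exported rows.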
Save and Share Filters
You can save and share filters across your organization.
- Save a filter: Saved filters are listed on the Filters tab for the table layout and filter manager menu.
- Save the active filter.
- Enter a name to identify the filter. You can create multiple filters with the same name. Saving a filter with an existing name will not override the existing filter.
- Choose whether to Share this filter or whether to keep it private for your own use only.
- Share a filter: You can share a filter across your organization.
- Select the table layout and filter menu indicated by the three vertical dots, then select Filters.
- Select the filter to share and click the share icon.
- If needed, you can later unshare or delete a filter. Unsharing a filter will turn a public filter private. Deleting a shared filter will remove it for all users.
Show or Hide Results
As an alternative to building a filter query from scratch or using the column filters, you can pivot from rows and specific values to define the match criteria to fine tune the results in the table. You can also pivot on empty values to show only results with empty values or only results that do not have empty values in the column from which you pivot.
CMD fields are limited to 128 characters. If you pivot on a CMD field with a truncated value, the app shows or hides all results that match the first 128 characters.
The show or hide action is a temporary means of filtering the results: If you navigate away from the page and later return, any results you previously hid will appear again.
This option is available for fields which have a finite list of options.
To hide or show only results that match a specific field value:
- Right-click the matching field value by which you want to hide or show.
- Select the desired action:
- Hide rows with <field value>
- Show rows with <field value>
- Hide empty rows
- Show empty rows
Manage Columns and Rows
From Cortex XDR pages, you can manage how you want to view the results table and what information you want the XDR app to display.
Any adjustments you make to the columns or rows persist when you navigate away from and later return to the page.
- Adjust the row height and column width:
- On the Cortex XDR page select the menu indicated by three vertical dots to the right of the filter button.
- In View Configuration, select the desired:
- Row height ranging from short to tall.
- Column width ranging from narrow, fixed width, or scaled to the column heading.
- Add or remove fields in the table:
- On a Cortex XDR page, select the menu indicated by three vertical dots to the right of the filter button.
- Below the column manager, search for a column by name, or select the fields you want to add or clear any fields you want to hide. Cortex XDR adds or removes the fields to the table as you select or clear the fields.
- If desired, drag and drop the fields to change the order in which they appear in the table.
- Configure the order of the columns: Define the order in which you want to display the field columns using the column index number. The column index number is the relative column number displayed in the table.
- On the Cortex XDR page, select the number assigned to the field name you want to change.
- Enter the relative column number you want the field displayed in the table. The number you enter should not be greater than the number of columns. Field names that are locked cannot be moved.
Display Quick Actions
From the Cortex XDR tables, you can quickly initiate actions using icons available in the table rows. Depending on the table, the icons provide a quick alternative to the corresponding right-click pivot menus.
- Navigate to any Cortex XDR table in the Cortex XDR app.
- Hover over a table row to display the available actions.