Dashboard Widgets

Learn about the widgets you can use in your Cortex XDR custom dashboards.
Cortex XDR provides the following list of widgets to help you create dashboards and reports displaying summarized information about your endpoints.
Cortex XDR sorts widgets in the Cortex XDR app according to the following categories:

Agent Management Widgets

Widget Name
Description
Agent Content Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by content update version.
Agent Status Breakdown
Displays the total number of Cortex XDR agents by the agent status.
Agent Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by agent version.
Number of Installed Agents
Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.
Operating System Type Distribution
Displays the total number of registered agents and their distribution according to the operating system.

Incident Management Widgets

Widget Name
Description
Incidents By Assignee
Displays the top 10 users that are assigned the highest number of incidents over the last 30 days. For each assignee, the widget displays the distribution of aged and open incidents. Aged incidents have not been modified in seven days.
Select an assignee to open the incidents table filtered to display incidents that are assigned to the selected assignee.
Incidents By Status
Provides a summary of the total current number of open incidents according to status. Click a status to open a filtered view of the incidents.

Investigation Widgets

Widget Name
Description
Data Usage Breakdown
Displays a timeline of the consumption of Cortex XDR data in TB. Hover over the graph to see the amount at a specific time.
Detection By Actions
Displays the top five actions performed on alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per action over the last 24 hours, 7 days, or 30 days
Detections By Category
Displays the top five categories of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per category over the last 24 hours, 7 days, or 30 days
Detection By Source
Displays the top five sources of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per source over the last 24 hours, 7 days, or 30 days
Open Incidents by Severity
Displays the total open incidents over the last 30 days according to severity.
Select a severity to open a filtered view of incidents by the selected severity.
Response Action Breakdown
Displays the top response actions taken in the Action Center over the last 24 hours, 7 days, or 30 days.
Top Hosts
Displays the top ten hosts with the highest number of incidents in order of severity over the last 30 days. Incidents are color-coded: red for high severity and yellow for medium severity.
Click a host to open a filtered view of all open incidents for the selected host.
Top Incidents
Displays the top ten current incidents with the highest number of alerts according to severity over the last 30 days. Alerts are color-coded: red for high and yellow for medium.
Click a severity to open a filtered view of all open alerts for the selected incident.
Total Incidents
Displays a timeline of incidents including the number of aged versus open incidents. Aged incidents have not been modified in seven days.
Select the time scope in the upper right to view the number of open incidents over the last 24 hours, 7 days, or 30 days.
Hover over the graph to view the number of open incidents on a specific day.

User Defined Widgets

Widget Name
Description
Free Text
Displays a text box in which you can insert free text.
Header
Displays a title containing the free text. For example, name and description of a report or dashboard, customer name, tenant ID, or date.
