Dashboard Widgets

Learn about the widgets you can use in your Cortex XDR custom dashboards.
Cortex XDR provides the following list of widgets to help you create dashboards and reports displaying summarized information about your endpoints.
Cortex XDR sorts widgets in the Cortex XDR app according to the following categories:

Agent Management Widgets

Widget Name
Description
Agent Content Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by content update version.
Agent Status Breakdown
Displays the total number of Cortex XDR agents by the agent status.
Agent Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by agent version.
Number of Installed Agents
Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.
Operating System Type Distribution
Displays the total number of registered agents and their distribution according to the operating system.

Incident Management Widgets

Widget Name
Description
Incidents By Assignee
Displays the top 10 users that are assigned the highest number of incidents over the last 30 days. For each assignee, the widget displays the distribution of Aged and Total Open incidents. Aged incidents are incidents older than one week that remain unresolved.
Select an assignee to open the incidents table filtered to display incidents that are assigned to the selected assignee.
Incidents By MITRE ATT&CK
Displays a breakdown of the number of incidents associated with each MITRE ATT&CK tactic and technique over the last 30 days, 7 days, 24 hours, or a custom time range, according to the incident creation time.
Select a tactic or technique to pivot to the Incidents Table filtered according to the tactic/technique and creation time.
Incidents By Status
Provides a summary of the total current number of open incidents according to status. Click a status to open a filtered view of the incidents.
Incidents Status Board
Displays the following information for the last 30 days, 7 days, or 24 hours, according to the incident creation time:
  • Total number of open incidents, how many are unassigned, and how many are overdue according to the incident severity.
  • Breakdown of open incidents according to the status New and Under Investigation.
  • Breakdown of resolved incidents according to resolved reason.
For further investigation, select each of the available breakdowns to pivot to the Incident table filtered according to the incident creation time and selected breakdown.
Incidents Over Time
Displays the following information over the past 14 days:
  • Number of new incidents created per day.
  • Number of resolved incidents per day.
For further investigation, select each of the bars to pivot to the Incident table filtered according to the creation date within the selected 24 hours.
Newest Incidents
Displays the following details for the 5 most recent incidents:
  • Starred
  • Severity
  • ID
  • Score
  • Description
  • Creation time
Overdue Incidents of top 5 Assignees
Displays the following information for the last 30 days, 7 days, or 24 hours, according to the incident creation time:
  • Top 5 assignees, by assignee name, with the highest number of overdue incidents.
For further investigation, select a user to pivot to the Incident table filtered according to the incident creation time and assignee.
Resolved Incidents by Assignee
Displays a breakdown of the top five users with the most resolved incidents assigned to them according to the incident creation time.
For further investigation, select an assignee to pivot to the Incidents table filtered according to the assignee and the resolved incident resolution time.
Resolved Incidents MTTR
Displays the following information for the last 30 days, 7 days, or 24 hours, according to incident creation time and resolved statuses:
  • Total Mean Time to Resolve (MTTR) of all incidents, according to severity, created during the selected timeframe and the average time it took to resolve the incidents compared to the defined Target MTTR.
For further investigation, select a severity bar to pivot to the Incident table filtered according to the incident creation time and severity.

Investigation Widgets

Widget Name
Description
Data Usage Breakdown
Displays a timeline of the consumption of Cortex XDR data in TB. Hover over the graph to see the amount at a specific time.
Detection By Actions
Displays the top five actions performed on alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per action over the last 24 hours, 7 days, or 30 days
Detections By Category
Displays the top five categories of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per category over the last 24 hours, 7 days, or 30 days
Detection By Source
Displays the top five sources of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per source over the last 24 hours, 7 days, or 30 days
Open Incidents by Severity
Displays the total open incidents over the last 30 days according to severity.
Select a severity to open a filtered view of incidents by the selected severity.
Response Action Breakdown
Displays the top response actions taken in the Action Center over the last 24 hours, 7 days, or 30 days.
Top Hosts
Displays the top ten hosts with the highest number of incidents in order of severity over the last 30 days. Incidents are color-coded: red for high severity and yellow for medium severity.
Click a host to open a filtered view of all open incidents for the selected host.
Top Incidents
Displays the top ten current incidents with the highest number of alerts according to severity over the last 30 days. Alerts are color-coded: red for high and yellow for medium.
Click a severity to open a filtered view of all open alerts for the selected incident.
Total Incidents
Displays a timeline of incidents including the number of aged versus open incidents. Aged incidents are incidents older than one week that remain unresolved.
Select the time scope in the upper right to view the number of open incidents over the last 24 hours, 7 days, or 30 days.
Hover over the graph to view the number of open incidents on a specific day.

User Defined Widgets

Widget Name
Description
Free Text
Displays a text box in which you can insert free text.
Header
Displays a title containing the free text. For example, name and description of a report or dashboard, customer name, tenant ID, or date.
