Dashboard Widgets

Cortex XDR provides the following list of widgets to help you create dashboards and reports displaying summarized information about your endpoints.
Cortex XDR sorts widgets in the Cortex XDR app according to the following categories:

Agent Management Widgets

Widget Name
Description
Agent Content Version Breakdown
Displays the total number of registered agents and their distribution according to the installed content update version.
Agent Status Breakdown
Provides a summary of the total number of endpoint agents according to their status.
Agent Version Breakdown
Displays the total number of registered agents and their distribution according to agent versions.
Number of Installed Agents
Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.
Operating System Type Distribution
Displays the total number of registered agents and their distribution according to the operating system.

Incident Management Widgets

Widget Name
Description
Incidents By Assignee
Displays the distribution of incidents according to users and then the number of aged and open incidents. Aged incidents have not been modified in seven days.
Click a user to open a filtered view of incidents assigned to the selected user.
Incidents By Status
Provides a summary of the total current number of open incidents according to status. Click a status to open a filtered view of the incidents.

Investigation Widgets

Widget Name
Description
Data Usage Breakdown
Displays a timeline of the consumption of Cortex XDR data in TB. Hover over the graph to see the amount at a specific time.
Detection By Actions
Displays the top five actions performed on alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per action over the last 24 hours, 7 days, or 30 days
Detections By Category
Displays the top five categories of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per category over the last 24 hours, 7 days, or 30 days
Detection By Source
Displays the top five sources of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per source over the last 24 hours, 7 days, or 30 days
Open Incidents
Displays a timeline of open incidents over time and the number of aged and open incidents. Aged incidents have not been modified in seven days.
Select the time scope in the upper right to view the number of open incidents over the last 24 hours, 7 days, or 30 days.
Hover over the graph to view the number of open incidents on a specific day.
Open Incidents by Severity
Provides a summary of the total current number of open incidents according to severity.
Click a severity percentage to open a filtered view of the incidents.
Response Action Breakdown
Displays the top response actions taken in the Action Center over the last 24 hours, 7 days, or 30 days.
Top Hosts
Displays the top ten hosts with the highest number of incidents according to severity. Incidents are color-coded: red for high and yellow for medium.
Click a host to open a filtered view of all open incidents for the selected host.
Top Incidents
Displays the top ten current incidents with the highest number of alerts according to severity. Alerts are color-coded: red for high and yellow for medium.
Click a severity to open a filtered view of all open alerts for the selected incident.

User Defined Widgets

Widget Name
Description
Free Text
Displays a text box in which you can insert free text.
Header
Displays a title containing the free text. For example, name and description of a report or dashboard, customer name, tenant ID, or date.
