Use the Cortex XDR Interface

Get started with the Cortex XDR interface.
Cortex XDR provides an easy-to-use interface that you can access from the hub. By default, Cortex XDR displays the Incident Management Dashboard when you log in. If desired, you can change the default dashboard or Build a Custom Dashboard that displays when you log in.
Each SAML login session is valid for 8 hours.
Depending on your license and assigned role, you can explore the following areas in the app.
Interface
Description
Reporting
From this menu, you can manage your dashboards and run reports.
Investigation
From this menu, you can investigate a lead or hunt for threats. You can access the Query Builder to search logs from your Palo Alto Networks sensors, the Query Center to view the status of all queries, and Scheduled Queries to view the status and modify the frequency of recurring queries.
You can also view all incidents, prioritize incidents, and set alert exceptions.
Response
From this menu, you can respond to identified threats and take action. With a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license, you can view the Action Center where you can initiate investigation and response actions such as isolating an endpoint or initiating a live terminal session to investigate processes and files locally.
From this menu, you can also add malicious domains and IP addresses to an external dynamic list (EDL) enforceable on your Palo Alto Networks firewall.
Endpoints
With a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license, you can manage your endpoints and endpoint security policy from this menu.
Security
From this menu, you can configure additional add-on security services such as Device Control. Device Control requires a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.
Rules
With a Cortex XDR Pro per TB license, you can define indicators of known threats to enable Cortex XDR to raise alerts when detected. As you investigate and research threats and uncover specific indicators and behaviors associated with a threat, you can create rules to detect and alert you when the behavior occurs.
Add-ons
With a Cortex XDR Pro license, you can access additional Cortex XDR modules available for your tenant, such as Host Insights.
Assets
From this menu, you can define your network parameters and view a list of all the assets in your network.
Quick Launcher
Open an in-context shortcut that you can use to search for information, perform common investigation tasks, or initiate response actions from any place in the Cortex XDR app.
Settings and management
From the gear icon, you can view a log of actions initiated by Cortex XDR analysts, configure Cortex XDR settings to integrate with other apps and services, and manage settings for the analytics engine.
Notifications
View Cortex XDR notifications such as when a query completes.
User
User who is logged into the Cortex XDR app and additional information about the app.
Hub
Access a list of apps allocated to your hub account.
The following topics describe additional management actions you can perform on page results:
