Investigate host insights, such as users, groups, services,
drivers, hardware, and network shares.
The Asset View provides
a powerful way to investigate assets by reducing the number of steps
it takes to collect and research hosts. Cortex XDR automatically
aggregates information on hosts and displays the host insights and
a list of related incidents.
investigate an asset:
Open the Asset View for an asset.
You can access the view from:
A host with
Cortex XDR agent installed in Cortex XDR console by right-click
Open Asset View
The IP View of an internal IP address with a
Cortex XDR Agent by selecting Host Insights from the
The overview displays the host name and any related incidents.
Review the Host name.
the host name.
Review any related incidents:
lists the most
recent incidents that contain the host as part of the incident
according to the
If the host belongs to an endpoint with a Cortex XDR agent installed,
the incidents are displayed according to the host name. To dive
deeper into specific incidents, select the Incident ID. To view
all the related incidents, select
Filter the host information you want to display.
Select from the following criteria to refine the scope
of the host information you want to display. Each selection aggregates
the displayed data.
The type of information you want to display.
—A list of the host artifacts.
—Pivot to the IP view of
the IP addresses associated with the host.
List of host artifacts you want to display.
Users to Groups
Compare host insights collected by Cortex
XDR over the last 30 days.
to apply your
selections and update the information displayed in the visualization