Investigate host insights, such as users, groups, services,
drivers, hardware, and network shares.
a powerful way to investigate assets by reducing the number of steps
it takes to collect and research hosts. Cortex XDR automatically
aggregates information on hosts and displays the host insights and
a list of related incidents.
investigate an asset:
Open the Asset View for an asset.
You can access the view from:
in Cortex XDR console by right-click >
Open Asset View
of an internal IP address with a
Cortex XDR Agent by selecting
The Quick Launcher,
by searching for a specific Host Name or Agent ID.
Review the Asset overview.
The overview displays the host name and any related incidents.
Review the Host name.
the host name.
Review any related incidents:
lists the last
3 incidents which contain the host as part of the incident
according to the
To dive deeper into specific incidents, you can select the Incident ID.
If more than three incidents are displayed, select
Filter the host information you want to display.
Select from the following criteria to refine the scope
of the host information you want to display. Each selection aggregates
the displayed data.
The type of information you want to display.
—A list of the host artifacts.
—Pivot to the IP view of
the IP addresses associated with the host.
List of host artifacts you want to display.
Users to Groups
Compare host insights collected by Cortex
XDR over the last 30 days.
to apply your
selections and update the information displayed in the visualization