Quick Launcher

The Quick Launcher provides a quick, in-context shortcut that you can use to search for information, perform common investigation tasks, or initiate response actions from any place in the Cortex XDR app. The tasks that you can perform with the Quick Launcher include:
  • Search for host, username, IP address, domain, filename, or filepath, timestamp
  • Begin
    Go To
    mode. Enter forward slash (
    ) followed by your search string to filter and navigate to Cortex XDR pages. For example,
    / rules
    searches for all pages that include ‘rules’ and allows you to navigate to those pages. Select
    to exit Go To mode.
  • Blacklist or whitelist processes bySHA256? hash
  • Add domains or IP addresses to the EDL blocklist
  • Create a new IOC for an IP address, domain, hash, filename, or filepath
  • Isolate an endpoint
  • Open a terminal to a given endpoint
  • Initiate a malware scan on an endpoint
You can bring up the Quick Launcher either using the default keyboard shortcut—
on Windows or
on macOS—or using the Quick Launcher icon located in the top navigation bar. To change the default keyboard shortcut, navigate to
Keyboard Shortcuts
. The shortcut value must be a keyboard letter, A through Z, and cannot be the same as the
Artifact and Asset Views
defined shortcut.
You can also prepopulate searches in Quick Launcher by selecting text in the app or selecting a node in the Causality or Timeline Views.
By default, Cortex XDR opens the Quick Launcher in the center of the page. To change the default position, drag the Quick Launcher to another preferred location. The next time you open the Quick Launcher, it opens in the previous location. To close the Quick Launcher, click
or click out of the Quick Launcher dialog.

Recommended For You