Quick Launcher

The Quick Launcher provides a quick, in-context shortcut that you can use to search for information, perform common investigation tasks, or initiate response actions from any place in the Cortex XDR app. The tasks that you can perform with the Quick Launcher include:
  • Search for host, username, IP address, domain, filename, or filepath, timestamp
  • Begin
    Go To
    mode. Enter forward slash (
    /
    ) followed by your search string to filter and navigate to Cortex XDR pages. For example,
    / rules
    searches for all pages that include ‘rules’ and allows you to navigate to those pages. Select
    Esc
    to exit Go To mode.
  • Add a processes bySHA256? hash to the allow list or block list
  • Add domains or IP addresses to the EDL block list
  • Create a new IOC for an IP address, domain, hash, filename, or filepath
  • Isolate an endpoint
  • Open a terminal to a given endpoint
  • Initiate a malware scan on an endpoint
You can bring up the Quick Launcher either using the default keyboard shortcut—
Ctrl-Shift+X
on Windows or
CMD+Shift+X
on macOS—or using the Quick Launcher icon located in the top navigation bar. To change the default keyboard shortcut, navigate to
gear.png
Settings
General
Keyboard Shortcuts
. The shortcut value must be a keyboard letter, A through Z, and cannot be the same as the
Artifact and Asset Views
defined shortcut.
You can also prepopulate searches in Quick Launcher by selecting text in the app or selecting a node in the Causality or Timeline Views.
By default, Cortex XDR opens the Quick Launcher in the center of the page. To change the default position, drag the Quick Launcher to another preferred location. The next time you open the Quick Launcher, it opens in the previous location. To close the Quick Launcher, click
Esc
or click out of the Quick Launcher dialog.

Recommended For You