Dashboard Widgets

Learn about the widgets you can use in your Cortex XDR custom dashboards.
Cortex XDR provides the following list of widgets to help you create dashboards and reports displaying summarized information about your endpoints.
Cortex XDR sorts widgets in the Cortex XDR app according to the following categories:

Agent Management Widgets

Widget Name
Description
Agent Content Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by content update version.
Agent Status Breakdown
Displays the total number of Cortex XDR agents by the agent status.
Agent Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by agent version.
Number of Installed Agents
Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.
Operating System Type Distribution
Displays the total number of registered agents and their distribution according to the operating system.

Incident Management Widgets

Widget Name
Description
Incidents By Assignee
Displays the top 10 users that are assigned the highest number of incidents over the last 30 days. For each assignee, the widget displays the distribution of aged and open incidents. Aged incidents have not been modified in seven days.
Select an assignee to open the incidents table filtered to display incidents that are assigned to the selected assignee.
Incidents By Status
Provides a summary of the total current number of open incidents according to status. Click a status to open a filtered view of the incidents.

Investigation Widgets

Widget Name
Description
Data Usage Breakdown
Displays a timeline of the consumption of Cortex XDR data in TB. Hover over the graph to see the amount at a specific time.
Detection By Actions
Displays the top five actions performed on alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per action over the last 24 hours, 7 days, or 30 days
Detections By Category
Displays the top five categories of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per category over the last 24 hours, 7 days, or 30 days
Detection By Source
Displays the top five sources of alerts or incidents. In the upper right corner:
  • Toggle between alerts and incidents
  • Select to view the number of alerts/incidents per source over the last 24 hours, 7 days, or 30 days
Open Incidents by Severity
Displays the total open incidents over the last 30 days according to severity.
Select a severity to open a filtered view of incidents by the selected severity.
Response Action Breakdown
Displays the top response actions taken in the Action Center over the last 24 hours, 7 days, or 30 days.
Top Hosts
Displays the top ten hosts with the highest number of incidents in order of severity over the last 30 days. Incidents are color-coded: red for high severity and yellow for medium severity.
Click a host to open a filtered view of all open incidents for the selected host.
Top Incidents
Displays the top ten current incidents with the highest number of alerts according to severity over the last 30 days. Alerts are color-coded: red for high and yellow for medium.
Click a severity to open a filtered view of all open alerts for the selected incident.
Total Incidents
Displays a timeline of incidents including the number of aged versus open incidents. Aged incidents have not been modified in seven days.
Select the time scope in the upper right to view the number of open incidents over the last 24 hours, 7 days, or 30 days.
Hover over the graph to view the number of open incidents on a specific day.

User Defined Widgets

Widget Name
Description
Free Text
Displays a text box in which you can enter free text.
Header
Displays a title containing the free text. For example, name and description of a report or dashboard, customer name, tenant ID, or date.

Asset Widgets

Widget Name
Description
Managed Assets vs Unmanaged Assets
Displays a detailed breakdown of your active managed and unmanaged assets.
Agent Status Breakdown
Displays the total number of Cortex XDR agents by the agent status.
Agent Version Breakdown
Displays the total number of registered Cortex XDR agents and the distribution of agents by agent version.
Number of Installed Agents
Displays a timeline of the number of agents installed on endpoints over the last 24 hours, 7 days, or 30 days.
Operating System Type Distribution
Displays the total number of registered agents and their distribution according to the operating system.

XQL Search

Widget Name
Description
XQL Query
Displays a visualization of the results of an XQL Search query over the past 24 hours, 7 days, or 30 days. By default, the query runs every 24 hours.
Use Update Now to rerun the query immediately.
See the XQL Language Reference for detailed information about creating an XQL Search query.

Custom Widget

Widget Name
Description
Custom Widget
Displays a visualization of the results of an XQL Search.
See the XQL Language Reference for detailed information about creating an XQL Search query.

System Monitoring

Widget Name
Description
Ingestion Rate
Displays the rate at which Cortex XDR consumes data ingested from a specific vendor or product over the past 24 hours, 7 days, or 30 days. All ingestion rates are measured in bytes per second.
Daily Consumption
A breakdown comparing the product/vendor consumption versus your allowed daily limit over the past 24 hours, displayed in UTC.
The Daily limit is calculated according to your Cortex XDR license type: Amount of TB / 30 days.
If the ingestion rate has exceeded your daily limit, Cortex XDR will issue a notification through the Notification Center and email. After 3 continuous days of exceeding the ingestion rate, Cortex XDR will stop ingesting data that exceeds the daily limit.
Detailed Ingestion
Breakdown of ingestion data per vendor or product over the past 30 days.
Filter the following information for each source:
  • Product/Vendor—Name of the selected product or vendor.
  • First Seen—Timestamp of when the product/vendor was first ingested.
  • Last Seen—Timestamp of when the product/vendor was last ingested.
  • Last Day Ingested—Amount of data ingested over the past 30 days.
  • Current Day Ingested—Amount of data ingested over the past 24 hours.

Host Insights

(Requires a Cortex XDR Host Insights Add-on)
Widget Name
Description
CVEs By Severity
Provides a summary of the total number of existing CVEs in your network according to critical, high, medium, and low severity.
Click a severity to open a filtered view of the CVEs.
Top CVEs By Affected Endpoints
Displays the top Critical, High, and Medium severity CVEs currently existing in your network according to the total number of endpoints affected by each CVE.
Click a CVE to open a filtered view of all affected endpoints.
Top Vulnerable Applications
Displays the most vulnerable applications with the highest number of Critical, High, and Medium severity CVEs. Cortex XDR calculates the vulnerabilities for different application versions running on different operating systems.
Click an application to open a filtered view of all existing CVEs for the selected application.
Top Vulnerable Endpoints
Displays the most vulnerable endpoints with the highest number of critical, high, and medium CVEs.
Click a host to open a filtered view of all existing CVEs for the selected host.
Vulnerabilities On All Endpoints Over Time
Displays CVEs over time across your network.
Select the time scope in the upper right to view the number of CVEs over the last 24 hours, 7 days, or 30 days.
Hover over the graph to view the number of existing CVEs on a specific day.
