Predefined Dashboards

Cortex XDR comes with predefined dashboards for common reports that enable you to monitor the status of your deployment.
Cortex XDR comes with predefined dashboards that display widgets tailored to the dashboard type. You can select any of the predefined dashboards directly from the dashboard menu in Reporting > Dashboard. You can also select and rename a predefined dashboard in the Dashboard Builder, available by clicking + New Dashboard. The types of dashboards that are available to you depend on your license type but can include:

Agent Management Dashboard

The Agent Management Dashboard displays at-a-glance information about the endpoints and agents in your deployment.
Support for the Agent Management Dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.
The dashboard is comprised of the following Dashboard Widgets:
  • Agent Status Breakdown
  • Agent Content Version Breakdown (Top 5)
  • Agent Version Breakdown (Top 5)
  • Operating Type Distribution
  • Top Hosts (Top 10 | Last 30 days)

Incident Management Dashboard

The Incident Management Dashboard provides a graphical summary of incidents in your environment, with incidents prioritized and listed by severity, assignee, incident age, and affected hosts.
The dashboard is comprised of the following Dashboard Widgets:
  • Incidents by Assignee (Top 10 | Last 30 days)
  • Open Incidents
  • Open Incidents By Severity (Last 30 days)
  • Top Hosts (Top 10 | Last 30 days)
  • Top Incidents (Top 10)
To filter a widget to display only incidents that match incident starring policies, select the star in the right corner. A purple star indicates that the widget is displaying only starred incidents. The starring filter is persistent and will continue to show the filtered results until you clear the star.

Security Manager Dashboard

The Security Manager Dashboard widgets display general information about Cortex XDR incidents and agents.
The Security Manager Dashboard requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.
The dashboard is comprised of the following Dashboard Widgets:
  • Agent Status Breakdown
  • Agent Version Breakdown (Top 5)
  • Incidents by Assignee (Top 10 | Last 30 days)
  • Open Incidents By Severity (Last 30 days)
  • Top Incidents (Top 10)
  • Total Incidents
For incident-related widgets you can also filter the results to display only incidents that match incident starring policies. To apply the filter, select the star in the right corner of the widget. A purple star indicates that the widget is displaying only starred incidents. The starring filter is persistent and will continue to show the filtered results until you clear the star.

Data Ingestion Dashboard

The Data Ingestion Dashboard displays an overview and detailed information regarding the type and amount of data that is ingested by Cortex XDR, filtered by different resolutions. Examples include Syslog Collector, Check Point logs, and authentication logs.
The dashboard is comprised of the following Dashboard Widgets:
  • Ingestion Rate—Displays your data ingestion rate, measured in bytes/sec, over the past 24 hours, 7 days, or 30 days filtered according to the type of product, vendor, or device.
  • Daily Consumption—Stacked graphs measuring your daily data consumption, according to either product, vendor, or device type, versus your daily consumption limit. Each bar indicates a 24-hour range over the past 14 days. Cortex XDR measures and enforces the 24-hour range according to UTC; however, the graph displays the 24-hour range according to the selected tenant timezone.
  • Detailed Ingestion—Table listing when a product, vendor, or device was first and last seen, and the amount of data ingested over the last 24 hour range and the current 24 hours. Detailed ingestion for the current 24 hours is updated in 5 minute intervals.

Security Admin Dashboard

The Security Admin Dashboard displays an overview and detailed information regarding the incidents across your organization and the status of resolved and overdue incidents.
The dashboard is comprised of the following Dashboard Widgets:
  • Incident Status Board—Displays a breakdown of the incidents over the last 30 days, 7 days, or 24 hours.
  • Resolved Incident MTTR—Displays the overall MTTR of all incidents created by severity and the average time it took to resolve the incidents compared to the defined Target MTTR over the last 30 days, 7 days, or 24 hours.
  • Overdue Incidents of Top 5 Assignees—Displays the top 5 assignees by assignee name with the highest number of overdue incidents over the last 30 days, 7 days, or 24 hours according to the incident creation time.
  • Incidents Over Time—Displays the number of new incidents and resolved incidents over 14 days.
  • Newest Incidents—Displays incident details of the 5 most recent incidents.
