https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/528861#M3479 <P>Hi,</P> <P>I need the events from the screenshot below to be visible from the Cortex XDR dashboard. Is there any XQL query that could showcase these events with the endpoints hostname?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MayurLad_0-1674823579578.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47465iB78D0C01D4DB0BDB/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MayurLad_0-1674823579578.png" alt="MayurLad_0-1674823579578.png" /></span></P> <P>&nbsp;</P> Fri, 27 Jan 2023 12:46:36 GMT MayurLad 2023-01-27T12:46:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/528861#M3479 <P>Hi,</P> <P>I need the events from the screenshot below to be visible from the Cortex XDR dashboard. Is there any XQL query that could showcase these events with the endpoints hostname?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MayurLad_0-1674823579578.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47465iB78D0C01D4DB0BDB/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MayurLad_0-1674823579578.png" alt="MayurLad_0-1674823579578.png" /></span></P> <P>&nbsp;</P> Fri, 27 Jan 2023 12:46:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/528861#M3479 MayurLad 2023-01-27T12:46:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/528865#M3481 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/270308">@MayurLad</a>&nbsp;,</P> <P>&nbsp;</P> <P>Incidents and alert data is not part of the XQL dataset to query upon. However, all of the events convert to XDR alerts and hence, you can navigate to alerts table to filter out all alerts from a particular hostname.&nbsp;</P> <P>&nbsp;</P> <P>You can use the filter as mentioned here: alert source=XDR Agent AND hostname="xxxx" Timestamp="&lt;your choice of timestamp&gt;"</P> <P>&nbsp;</P> <P>Hope this helps!</P> Fri, 27 Jan 2023 13:00:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/528865#M3481 neelrohit 2023-01-27T13:00:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/529111#M3491 <P>I was able to find the required incidents.</P> <P>&nbsp;</P> <P>Thank you&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a>&nbsp;</P> Mon, 30 Jan 2023 05:45:49 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-console-events-visibility-on-xdr-dashboard/m-p/529111#M3491 MayurLad 2023-01-30T05:45:49Z