Cortex XDR Incident Report

mehrleytim — Mon, 25 Sep 2023 22:12:21 GMT

Looking for a way to create a report that shows how long it is taking our analyst to close an incident. I have read elsewhere it is not possible since the data is not exposed to xql. Does anyone know how to create something that would show how long an incident is open before closing?

I have looked at the widgets in the report library but nothing shows this data.

Re: Cortex XDR Incident Report

dbahuguna — Tue, 26 Sep 2023 08:43:11 GMT

Hi @mehrleytim ,

Thank you for reaching out to Palo Alto Live community.

With respect to your query, if we can create a widget or report that shows how long it is taking our analyst to close an incident, unfortunately we do not have that option available as the alert or incidents are not the part of the data sets.

However, there are few existing widgets that you can refer and can be useful with respect to your query or feature that you are looking for. Below are the list of widgets I can recommend you that you can refer:

My MTTR (Will show you the MTTR of resolved incidents assigned to the logged in user).
Resolved Incidents MTTR (Will show the MTTR of the resolved incidents by severity).
Resolved Incidents by Assignee.
Incidents Over Time.
Total Incidents.
Incidents By Status (Last 30 days).

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

topic Cortex XDR Incident Report in Cortex XDR Discussions

Cortex XDR Incident Report

Re: Cortex XDR Incident Report