This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Alerts

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR Alerts

Go to solution
hhiggins
L2 Linker

‎04-21-2020 08:04 AM

Hi,

 

I can't seem to find what I'm looking for in the Cortex XDR console. I am trying to find a way to view all alerts generated whether it is from XDR or Analytics. The only way I can see this list is if I create an exclusion Investigation --> Exclusions --> Add Exclusion. Is there a more direct way to view these Alerts?

 

Thanks

Preview file
56 KB
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
dfalcon
L4 Transporter

‎04-21-2020 09:23 AM

HI there-

 

Go to Investigation > Incidents - then click on Alerts Table over to the right of the screen.

 

dfalcon_2-1587486154305.png

 

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

View solution in original post

1 person found this solution to be helpful.
8 REPLIES 8

Go to solution
dfalcon
L4 Transporter

‎04-21-2020 09:23 AM

HI there-

 

Go to Investigation > Incidents - then click on Alerts Table over to the right of the screen.

 

dfalcon_2-1587486154305.png

 

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
1 person found this solution to be helpful.

Go to solution
hhiggins
L2 Linker
In response to dfalcon

‎04-21-2020 10:38 AM

Thank you @dfalcon

 

Feels like it is hidden away. They should be making this a submenu directly off of the Investigation menu.

 

 

(1)

Go to solution
dfalcon
L4 Transporter
In response to hhiggins

‎04-21-2020 10:45 AM

I will share that feedback with the Product Team.


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
(2)

Go to solution
NPTEChrisSmith
L1 Bithead
In response to dfalcon

‎09-19-2022 01:44 PM

I too was having the same problem... wanting to look at the Alerts and how those turn into Incidents. I think it would be great to have a dashboard widget that would present a bar graph that shows the volume of Low, Medium, High and Critical alerts. Thanks.

Go to solution
mavraham
L4 Transporter
In response to NPTEChrisSmith

‎09-20-2022 05:41 AM

Hi!

While incident/alert information is not currently accessible via XQL, we do offer a few OOTB widgets which could be similar to what you're looking to create.

If you'd go into your XDR tenant -> Dashboards & Reports -> Widget Library and type 'severity' in the search bar you should be able to find the 'Open Incidents By Severity' widget (screenshot attached below).

 

mavraham_0-1663677597658.png

Let me know if you have any further questions.

 

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events: Cortex XDR Customer Corner

0 Likes Likes

Go to solution
NPTEChrisSmith
L1 Bithead
In response to mavraham

‎09-20-2022 09:08 AM

OK - I'm not sure what " alert information is not currently accessible via XQL" means, since the Alert table is available and our's currently shows 3600 results.
Is it possible to allow us to add the ALERT TABLE as a favorite button? That way I can get into it with a single button, verses having to go into via the Incident screen?
Thank you,
Chris Smith
0 Likes Likes

Go to solution
Optimizer
L1 Bithead
In response to dfalcon

‎11-15-2022 10:24 AM

Had this issue today. I said the same thing when I found Alerts Table: "why isn't this an option indented under Incidents"
You can keep it where it is but add the direct link as well

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to Optimizer

‎12-09-2022 08:19 AM

Hey @NPTEChrisSmith and @Optimizer ,

 

I believe Alert Table is not in the navigation bar, because Palo wants you to steer your focus on more important Incidents.

 

Cortex XDR console will generate Incident for each alert with severity Medium, High and Critical. It will generate incident some Low severity alert, but not all of them.

Incidents are simple containers, which will consolidate/aggregate all alert that are somehow related.

So it should be more easy to focus on the Incidents and not overwhelm by avalanche of alerts

 

Now that being said there are two easy way to navigate to Alert table without jumping around:

- The easiest way would be to open URL https://<your-xdr-address>/alerts  You can bookmark this URL and just click on your bookmark after you authenticate (if open the link after authentication, you will be redirected to the dashboard)

- You can use the quick launcher and its "go to" search. Type "/alert" - / to enter go to search and "alert" for the string you want to search. You will see the results below, navigate with arrows and enter to select

 

Astardzhiev_1-1670602698569.png

 

0 Likes Likes
  • 1 accepted solution
  • 8025 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks