I can't seem to find what I'm looking for in the Cortex XDR console. I am trying to find a way to view all alerts generated whether it is from XDR or Analytics. The only way I can see this list is if I create an exclusion Investigation --> Exclusions --> Add Exclusion. Is there a more direct way to view these Alerts?
While incident/alert information is not currently accessible via XQL, we do offer a few OOTB widgets which could be similar to what you're looking to create.
If you'd go into your XDR tenant -> Dashboards & Reports -> Widget Library and type 'severity' in the search bar you should be able to find the 'Open Incidents By Severity' widget (screenshot attached below).
Let me know if you have any further questions.
I believe the Alert Table is not in the navigation bar because Palo wants you to steer your focus toward the more important Incidents.
The Cortex XDR console will generate an Incident for each alert with severity Medium, High or Critical. It will generate incidents for some Low severity alerts, but not all of them.
Incidents are simple containers, which will consolidate/aggregate all alerts that are somehow related.
So it should be easier to focus on the Incidents and not be overwhelmed by an avalanche of alerts.
Now, that being said, there are two easy ways to navigate to the Alert table without jumping around:
- The easiest way would be to open the URL https://<your-xdr-address>/alerts. You can bookmark this URL and just click on your bookmark after you authenticate (if you open the link after authentication, you will be redirected to the dashboard).
- You can use the quick launcher and its "go to" search. Type "/alert" - "/" to enter the go to search and "alert" for the string you want to search. You will see the results below; navigate with the arrows and press Enter to select.