Cortex XDR Incident Report

L0 Member

Looking for a way to create a report that shows how long it is taking our analyst to close an incident. I have read elsewhere it is not possible since the data is not exposed to XQL. Does anyone know how to create something that would show how long an incident is open before closing?

I have looked at the widgets in the report library but nothing shows this data. 

1 REPLY

L2 Linker

Hi @mehrleytim,

Thank you for reaching out to the Palo Alto Live community.

With respect to your query about whether we can create a widget or report that shows how long it is taking our analyst to close an incident: unfortunately, we do not have that option available, as alerts and incidents are not part of the data sets.

However, there are a few existing widgets that you can refer to and that can be useful with respect to your query or the feature that you are looking for. Below is the list of widgets I can recommend:

  1. My MTTR (Will show you the MTTR of resolved incidents assigned to the logged-in user).
  2. Resolved Incidents MTTR (Will show the MTTR of the resolved incidents by severity).
  3. Resolved Incidents by Assignee.
  4. Incidents Over Time.
  5. Total Incidents.
  6. Incidents By Status (Last 30 days).

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.
