This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR report

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR report

Go to solution
RomainCouvreur
L2 Linker

‎01-12-2021 07:45 AM

Hello Live community,

 

I have a question about the report on Cortex, i want to know if the “Infected Endpoints” comes as default in Cortex reports or if we need to configure something to show that option?

Do the widgets "incidents by source" or "Top incidents (Top 10) " display the infected Host?

 

I suppose that incidents by source will be the closest thing to infected host.

As i can understand, if the agent has created an event, it s because Cortex has done its job and prevent the host from being infected, so the host is not infected. But will we see it in the Report? Or how can we see it in the report?

 

Thanks in advance for your reply.

 

Best regards.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
dfalcon
L4 Transporter
In response to RomainCouvreur

‎01-12-2021 07:15 PM

Hi @RomainCouvreur-

 

The XQL xdr_data dataaset does not include alert data.  Until that dataset is exposed, the easiest way to look for the rare cases that need your attention is to filter for XDR agent and post detections in the alert table as shown below.

dfalcon_1-1610507552025.png

 

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
dfalcon
L4 Transporter

‎01-12-2021 08:13 AM

Hi @RomainCouvreur-

 

I'm not sure I understand the ask.  Are you looking for a report that shows you malware events (to include the host) that need your attention?  Or do you want to see all hosts that had malware events that also may have had preventions?


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
0 Likes Likes

Go to solution
RomainCouvreur
L2 Linker
In response to dfalcon

‎01-12-2021 08:47 AM

Hello David,

 

Thank you for your prompt reply.

 

We are looking for a report that shows us malware events (to include the host) that need our attention.

 

Best regards.

 

 

 

0 Likes Likes

Go to solution
dfalcon
L4 Transporter
In response to RomainCouvreur

‎01-12-2021 07:15 PM

Hi @RomainCouvreur-

 

The XQL xdr_data dataaset does not include alert data.  Until that dataset is exposed, the easiest way to look for the rare cases that need your attention is to filter for XDR agent and post detections in the alert table as shown below.

dfalcon_1-1610507552025.png

 

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
0 Likes Likes
  • 1 accepted solution
  • 2795 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks