Showing Malware incident in the Dashboard

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Showing Malware incident in the Dashboard

L3 Networker

Hello, just  want to showed the Malware incidents and the related-malware filename in the dashboard, what should i choose for the XQL.

thanks

Life is full of surprise,
Just embrace it!
3 REPLIES 3

L0 Member

To display malware incidents and their related malware filenames in a dashboard using XQL (Extended Query Language), you can use the following query:   YourTexasBenefits

Find incidents with data.type = 'malware'

This query will retrieve all incidents that have a data type of "malware." You can then customize the dashboard to display the relevant information, such as the incident details and the associated malware filenames.

Please note that the exact implementation of XQL may vary depending on the specific security platform or tool you are using. Refer to the documentation or support resources provided by your security platform for more specific guidance on constructing queries and customizing dashboards.

Thanks for your reply.

I'm not sure where to locate data.type = "malware', is it under dataset = xdr_data or other dataset?

Life is full of surprise,
Just embrace it!

Hi @SeanDeHarris ,

 

Not sure what @Fernando002 exactly means with XQL filters. However, we do not have incidents data exposed to XQL(XML query language) in Cortex XDR as of now. As a result, custom dashboard creation is not possible for the same. You can choose to create your own filters in alerts table under the Category: Malware and Module:<Enter Module of your choice(eg. Wildfire, Local Analysis, Behavioral Threat Protection etc.)> and then you can save the filter for the same. 

Alternatively, if you want a consolidated dashboard, there is a widget which shows detections by category which should also list you the count of alerts/incidents generated as malware.

 

Hope this helps!

 

  • 1011 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!