This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Showing Malware incident in the Dashboard

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Showing Malware incident in the Dashboard

SeanDeHarris
L3 Networker

‎06-30-2023 03:25 AM - edited ‎06-30-2023 03:26 AM

Hello, just  want to showed the Malware incidents and the related-malware filename in the dashboard, what should i choose for the XQL.

thanks

Life is full of surprise,
Just embrace it!
0 Likes Likes
3 REPLIES 3

Fernando002
L0 Member

‎06-30-2023 04:40 AM - edited ‎07-02-2023 09:45 PM

To display malware incidents and their related malware filenames in a dashboard using XQL (Extended Query Language), you can use the following query:   YourTexasBenefits

Find incidents with data.type = 'malware'

This query will retrieve all incidents that have a data type of "malware." You can then customize the dashboard to display the relevant information, such as the incident details and the associated malware filenames.

Please note that the exact implementation of XQL may vary depending on the specific security platform or tool you are using. Refer to the documentation or support resources provided by your security platform for more specific guidance on constructing queries and customizing dashboards.

0 Likes Likes
(1)

SeanDeHarris
L3 Networker
In response to Fernando002

‎07-10-2023 12:08 AM

Thanks for your reply.

I'm not sure where to locate data.type = "malware', is it under dataset = xdr_data or other dataset?

Life is full of surprise,
Just embrace it!
0 Likes Likes

neelrohit
L5 Sessionator
In response to SeanDeHarris

‎07-10-2023 02:55 AM - edited ‎07-10-2023 02:55 AM

Hi @SeanDeHarris ,

 

Not sure what @Fernando002 exactly means with XQL filters. However, we do not have incidents data exposed to XQL(XML query language) in Cortex XDR as of now. As a result, custom dashboard creation is not possible for the same. You can choose to create your own filters in alerts table under the Category: Malware and Module:<Enter Module of your choice(eg. Wildfire, Local Analysis, Behavioral Threat Protection etc.)> and then you can save the filter for the same. 

Alternatively, if you want a consolidated dashboard, there is a widget which shows detections by category which should also list you the count of alerts/incidents generated as malware.

 

Hope this helps!

(view in My Videos)

 

0 Likes Likes
(1)
  • 1212 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks