This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Low Severity events not showing in the new Cortex XDR 2.0 dashboard.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Low Severity events not showing in the new Cortex XDR 2.0 dashboard.

Go to solution
Rob-Basil
L1 Bithead

‎04-09-2020 07:26 AM

I used to be able to see the low severity events in the old traps dashboard but no longer see them anywhere in the new Cortex XDR 2.0 dashboard that we were upgraded to over the weekend (Great looking dashboard by the way).

 

Any ideas?

 

0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
dfalcon
L4 Transporter
In response to Rob-Basil

‎04-09-2020 07:49 AM

There is a chance that a low severity alert will not create an actual incident.  A typical scenario where this applies is when you have a malware prevention with no additional action required.  You will still receive the alert because it happened, but there is no action required on your part.  Incidents, on the other hand, usually require some type of response / interaction.  Incidents are essentially one or more alerts that are related to an event -- grouped together.  You may still see some low-severity incidents that come across - these require attention, but have been prioritized lower than the mediums and highs. .  


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

View solution in original post

11 REPLIES 11

Go to solution
dfalcon
L4 Transporter

‎04-09-2020 07:33 AM

Hi there.  If you are talking about low severity alerts, you can view them by clicking on Investigation > Incidents.  Once in the incidents screen - on the top right of the interface, you'll see a link for the Alerts Table.  You should see them there.  

 

dfalcon_0-1586442762492.png

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
0 Likes Likes

Go to solution
Rob-Basil
L1 Bithead
In response to dfalcon

‎04-09-2020 07:36 AM - edited ‎04-09-2020 07:42 AM

David,

 

Great, I see them there, thanks. But why are they not showing in the "Top Incidents (Top 10)" widget on the dashboard? It's only showing the High and Medium alerts even when there are less than 10 alerts I would expect it to show all of them.

 

The low alerts are also not showing in the "Open incidents by Severity" widget. It looks like all of the dashboard widgets are ignoring any Low level alerts.

0 Likes Likes

Go to solution
dfalcon
L4 Transporter
In response to Rob-Basil

‎04-09-2020 07:42 AM

I need a little more info here before answering.  When you list the incidents under Investigation > Incidents, are they showing up there as incidents (low severity incidents) or are they only showing up in the Alerts Table?


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
0 Likes Likes

Go to solution
Rob-Basil
L1 Bithead
In response to dfalcon

‎04-09-2020 07:42 AM - edited ‎04-09-2020 07:47 AM

They are only showing in the Alerts Table.

 

Even when I specifically choose to show them in the Incidents they don't show up unless I choose the alerts table.

 

 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks