Who Me Too'd this solution

Hello @.522643 ,

Greetings for the day.

Yes, this is a known behavior and identified issue in Cortex XDR 5.0. Several users and support cases have reported that exporting data from the Issues (formerly Alerts) menu is capped at 1,000 records.

Reason for the Limit:

The 1,000-record export limit was introduced in version 5.0 as a hardcoded performance safety measure to ensure management console stability and UI responsiveness. This issue is currently being tracked by engineering.

Recommended Workarounds:

Until a permanent fix or adjustment to the UI limit is released, you can use the following methods to retrieve more than 1,000 entries:

1. Use XQL Search (Query Center)

The most effective way to export large datasets (up to 50,000 or more rows) is through the Query Center using XQL.

• Navigate to Investigation → XQL Search
• Run a query against the alerts or issues dataset. For example:

2. Segmented Exports (Filtering)

If you prefer using the Issues menu directly, narrow down your results using stricter filters (such as specific time ranges or severity levels) so that each export contains fewer than 1,000 items.

3. Manual Copy (Small Datasets)

For smaller datasets slightly over the limit, you can select rows in the table, right-click, and choose Copy entire rows, then paste the data into Excel. Note that this is still limited by the number of records loaded in your browser view.

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar