Overview

The Overview page shows a summary of the security operations of the on-boarded applications.

To view the Overview page, access Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) and click Overview.

By default, the Overview page shows the data (all priorities) from the last 7 days.

To filter the data by priority:

  1. Select the time period. By default, data from the last 7 days is listed.

  2. To filter incidents that require action, click Action required.

  3. To filter incidents prevented automatically by Infinity XDR/XPR, click Prevented.

  4. To filter incidents of specific priority, select the required Priority. By default, all priority levels are selected.

Connectivity

The Connectivity widget shows the connection status of the products connected to Infinity XDR/XPR. When you hover over the product name in the widget, you can view the following details:

  • The connectivity status of the product.

  • The number of events sent by the product.

  • Time when the product sent the last event.

Notes:

  • The connection timeout duration is 48 hours. If the product does not send events to Infinity XDR/XPR within 48 hours, the product becomes inactive and the icon changes to red.

  • The connectivity status of CloudGuard Network is indicated by Quantum Gateway.

  • Certificate expiry status for the Fortinet FortiGate Next Generation Firewall integration is indicated by the icon.

    To renew the certificate, see Fortinet FortiGate Next Generation Firewall.

Prevention

The Prevention widget shows statistics from the Prevention Center.

You can filter the widget by:

  • Prevention actions taken (default)

  • Attacks prevented by XDR/XPR

Note - If no data is available for the filtered option, the widget appears as:

To configure automatic prevention actions, click the Automations link. The Automations page appears.

Asset Incident Priority

The Asset incident priority widget shows:

| Item | Description |
|------|-------------|
| Assets | Total number of assets (Devices + Users) in your account. |
| Devices | Number of Device assets in your account. To view the asset details, click the link. The Devices page appears. |
| Users | Number of User assets in your account. To view the asset details, click the link. The Users page appears. |
| Total | Total number of assets (Devices/Users) with incidents that are at Critical or High priority levels. Hover over the widget to view the count in each category. To view assets' details, click the link. The Devices/Users page appears filtered by Incident Priority. |
| Unassigned | Number of assets (Devices/Users) with unassigned incidents that are at Critical or High priority levels. Hover over the widget to view the count in each category. To view assets' details, click the link. The Devices/Users page appears filtered by Incident Priority and Related Incidents that are unassigned. |

Top 5 Assets by Priority

The Top 5 assets by priority widget shows the top five assets based on the priority levels of their related incidents.

The table shows:

| Item | Description |
|------|-------------|
| Asset name | Name of the asset. To view the details, click the asset name. |
| Total incidents | Total number of incidents related to the asset. To view the details, click the count. The Incidents page appears and lists all the related incidents. |
| Unassigned | Number of unassigned incidents related to the asset. To view the details, click the count. The Incidents page appears and lists the unassigned incidents. |

Incidents

The Incidents widget lists incidents by status. Hover over the incident for more information. Incidents are color-coded based on the priority levels.

Under Prevented, the widget shows the incidents automatically prevented by Infinity XDR/XPR.

Incidents Over Time

The Incidents over time widget shows the timeline of incidents by priority. Incidents are color-coded based on the priority levels.

Personalized News

The Personalized News widget shows cyber security news curated by the Check Point research team.

  • Infinity XDR/XPR analyzes the logs for the vulnerability described in the news article and creates incidents if necessary.

  • News related to existing incidents is listed first, at the top. To view the related incidents, click the icon. The system redirects to the Incidents page and shows the related incidents.

Open Incidents by Assignee

The Open incidents by Assignee widget lists the number of open incidents for each assignee. Incidents are color-coded based on the priority levels.