Executions

The Executions page provides visibility into how Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) processes the alerts received in your account and the actions that it executes in response to the alerts.

To view the Executions page, access the Infinity XDR/XPR Administrator Portal and click Prevention Center > Executions. By default, it shows the executions from the previous month.

The Executions table shows:

Item: Description

Time: Date and time when the execution was performed.

User: User who performed the execution.

Type: Type of execution:

  • Triage - Involves handling of alerts, such as creating alerts or correlating them with existing incidents.

  • Prevention - Involves prevention actions taken by Infinity XDR/XPR in response to alerts, such as creating an IoC.

Mode: Mode of execution:

  • Automatic - Executed automatically by Infinity XDR/XPR.

  • Manual - Executed manually by a user.

Action: Action taken on the alert.

Details: Details about the execution, such as Insight ID or indicator value. (Insight: An aggregation of one or more logs into valuable observations indicating the nature of the activity.)

Related incident: Incident related to the execution. Click the link to view the incident details. You can view the details in Incidents > Executions. (Incident: Correlation of one or more insights into a security incident potentially impacting your environment. It can be based on insights generated from one or more products.)

Status: Status of the execution:

  • Created

  • Completed

  • Failed

To view the executions during a specific time period, select the required option from the list at the top.

To export the Executions table data to a CSV file, click Export to CSV.
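An added example, not part of the original page or the product: a short Python script that reads an exported Executions CSV and lists Prevention executions that did not reach Completed, grouped by related incident. It assumes the CSV header row uses the same column names as the Executions table above; the sample rows, action names and incident IDs are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Assumption: the CSV header row matches the
# column names of the Executions table (Time, User, Type, Mode, ...).
SAMPLE_CSV = """Time,User,Type,Mode,Action,Details,Related incident,Status
2024-05-01 10:02:11,system,Triage,Automatic,Create alert,insight-0001,INC-1,Completed
2024-05-01 10:02:15,system,Prevention,Automatic,Create IoC,198.51.100.7,INC-1,Failed
2024-05-01 11:30:40,analyst@example.com,Prevention,Manual,Create IoC,bad.example.net,INC-2,Completed
2024-05-02 08:15:03,system,Prevention,Automatic,Create IoC,203.0.113.9,INC-3,Created
2024-05-02 09:00:00,system,Prevention,Automatic,Create IoC,203.0.113.10,INC-3,Failed
"""

REQUIRED = {"Time", "Type", "Mode", "Action", "Details", "Related incident", "Status"}


def load_executions(text):
    """Parse the export and fail loudly if an expected column is absent."""
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    # Skip the None key that DictReader uses for surplus fields in a row.
    return [{k: (v or "").strip() for k, v in row.items() if k is not None}
            for row in reader]


def unfinished_preventions(rows):
    """Prevention executions that are Failed or still Created."""
    return [r for r in rows
            if r["Type"].lower() == "prevention"
            and r["Status"].lower() != "completed"]


def incidents_needing_followup(rows):
    """Count unfinished Prevention executions per related incident."""
    return Counter(r["Related incident"] or "(none)"
                   for r in unfinished_preventions(rows))


if __name__ == "__main__":
    rows = load_executions(SAMPLE_CSV)
    for r in unfinished_preventions(rows):
        print(r["Time"], r["Mode"], r["Action"], r["Details"], r["Status"], sep=" | ")
    print(dict(incidents_needing_followup(rows)))
```

To run it on a real export, pass the file's contents to load_executions instead of SAMPLE_CSV, and adjust REQUIRED if the header names in your export differ.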

To search, enter the string in the Search field and click the icon.

To filter the Executions table:

  1. Click the icon and then click Add filter.

  2. Enter the Field, Operator and Value and then click Save.