The xdr_data dataset is the primary and most comprehensive data source within Cortex XDR. It serves as the central repository for all raw, low-level telemetry collected from various sensors, including firewalls and Cortex XDR agents on endpoints. This dataset contains granular event logs such as process executions, network connections, file activities, and registry modifications. Security analysts use the XDR Query Language (XQL) to query this raw data directly for in-depth threat hunting, incident investigation, and the creation of custom detection rules.
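
The following XQL hunt over the process-execution events in this dataset is an added example, not part of the original page: it lists Office applications that started a script host or shell in the last seven days. The parent and child process lists, the time window and the row limit are illustrative assumptions, and the field names should be confirmed against the xdr_data schema in your tenant.

```xql
// Added example: Office parent process starting a script host or shell.
// Process lists, timeframe and limit are assumptions chosen for illustration.
config timeframe = 7d
| dataset = xdr_data
// Keep only process-start events from the raw telemetry
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
// actor_* describes the parent (causing) process, action_* the started child
| filter lowercase(actor_process_image_name) in ("winword.exe", "excel.exe", "powerpnt.exe")
| filter lowercase(action_process_image_name) in ("powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")
| fields _time, agent_hostname, actor_effective_username, actor_process_image_name, action_process_image_name, action_process_image_command_line
| sort desc _time
| limit 100
```

Narrowing on event_type before any other filter keeps the query from scanning the network, file and registry events that share the same dataset.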