26 Dec 10:14

2b4ef45

v2.1.1 Latest

Latest

XDRTop v2.1.1

Terminal-based monitoring tool for Cortex XSIAM/CLOUD and XDR from GoCortex.io

A Rust CLI application providing real-time, interactive case tracking with an htop-style interface. XDRTop connects to the Cortex Platform Cases API to display security cases with filtering, drill-down issue details, and MITRE ATT&CK framework integration.

Whats New

NEW FEATURES:

Add API-level domain filtering to exclude Posture domain by default, reducing initial load time from 60+ seconds to seconds
Add --domain-all CLI flag to optionally include all domains
Fix pagination bug: search_to now correctly uses page_size-1 per API schema

FIXES:

Update 20 packages including reqwest 0.12.28, serde_json 1.0.147

Features

Interactive terminal interface with real-time updates
Complete case coverage via paginated API fetching
Two-minute smart caching to reduce API load
Severity and status filtering with keyboard shortcuts
Case drill-down showing issue details and MITRE ATT&CK data
Domain-based filtering (Security, Posture)
Cross-platform support (Linux, macOS, Windows)

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: v1.0.35...v2.0.4

Assets 6

05 Dec 09:16

github-actions

v2.0.4

effb9b1

v2.0.4

XDRTop v2.0.4

Terminal-based monitoring tool for Cortex XSIAM/CLOUD and XDR from GoCortex.io

Whats New

KNOWN ISSUES:

Having an issue with drilldown at the moment, ideally this wouldn't go out but I need to draw a line somewhere

NEW FEATURES:

Migrated from legacy Incidents API to Cases API (/public_api/v1/case/search)
Issue Search API integration for case drill-down (/public_api/v1/issue/search)
Domain column and filtering with 'd' keyboard shortcut
Incremental sync using modification_time cursors
New fields: hosts, users, xdr_url, tags, severity breakdown counts

FIXES:

Security updates (122 packages)

ROADMAP:

GitHub Actions build process with tag-triggered releases
MUSL static linking for portable binaries
Quick lookback option for faster initial load

Features

Interactive terminal interface with real-time updates
Complete case coverage via paginated API fetching
Two-minute smart caching to reduce API load
Severity and status filtering with keyboard shortcuts
Case drill-down showing issue details and MITRE ATT&CK data
Domain-based filtering (Security, Posture)
Cross-platform support (Linux, macOS, Windows)

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: v1.0.35...v2.0.4

Assets 6

22 Aug 10:55

github-actions

v1.0.35

56c1231

v1.0.35

XDRTop v1.0.35 Release

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

New this update

Fully implemented pagination: fetches all incidents beyond the initial 100 limit
Critical performance optimisation: resolved issue where pagination executed on every UI refresh
Introduced smart caching (2-minute duration) to prevent redundant API calls
Adjusted polling interval to 2 minutes to align with cache, reducing API load
Built in duplicate incident_id deduplication, enhanced debug logging, and stronger error handling for large datasets
Applied major security and dependency updates: Ratatui v0.29.0, Crossterm v0.29.0, Reqwest v0.12.23, Tokio v1.47.1
Cleared all deprecation warnings

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: v1.0.33...v1.0.35

Assets 6

23 Jul 11:15

github-actions

v1.0.33

3e54ad0

v1.0.33

XDRTop v1.0.33 Release

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: v1.0.32...v1.0.33

Assets 6

08 Jul 10:08

github-actions

v1.0.32

6b06028

v1.0.32

XDRTop v1.0.32 Release

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Updated in v1.0.32:

Drill-down is faster with proper loading feedback and smarter error handling
Improved memory and file management—no more leaks or hangs
Debug logs now only appear with the --debug flag
Console is clean in production; logs go to file only
Drill-down now pulls alert data correctly using the right API calls
Incident filtering is precise—no more generic or broken queries
API calls now log full (safe) details for better debugging
Fixed alert loading errors by switching to case_id filtering
MITRE ATT&CK support added via the proper endpoint
Fixed display and timing bugs—alerts show instantly in drill-down

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: v1.0.11...v1.0.32

Assets 6

27 Jun 11:29

github-actions

v1.0.11

b8c7528

v1.0.11

XDRTop v1.0.11 Release

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Updated in v1.0.11:

Added Windows compilation support to GitHub workflow with ZIP packaging
Fixed hard-coded version in release workflow to use dynamic tag reference
PERFORMANCE OPTIMISATION – Implemented viewport rendering for large datasets (>1000)
Disabled mouse capture to enable text selection and copying from terminal
Added “Last Updated” column to case table with API field detection
Reorganised table layout – reduced Description column width to accommodate new column
Added Windows vcruntime140.dll troubleshooting and Visual C++ Redistributable requirements
Confirmed Windows compatibility – configuration paths work cross-platform using dirs crate
CRITICAL FIX – Resolved issue where Windows application started in case details mode and crashed on Escape
Added drill-down mode protection, safe exit handling, and forced initial render for improved Windows stability

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz
Windows: Download xdrtop-windows-x86_64.zip

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Windows

# Extract ZIP and add to PATH
Expand-Archive xdrtop-windows-x86_64.zip -DestinationPath C:\Tools\xdrtop
# Add C:\Tools\xdrtop to your PATH environment variable

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: https://github.com/gocortexio/xdrtop/commits/v1.0.11

Assets 6

25 Jun 10:41

github-actions

v1.0.7

3702293

v1.0.7

XDRTop v1.0.7 Release

High-performance Rust CLI monitoring tool for Cortex XDR with real-time case tracking.

Downloads

Linux (Debian/Ubuntu): Download the .deb package
macOS (Intel): Download xdrtop-macos-x86_64.tar.gz
macOS (Apple Silicon): Download xdrtop-macos-aarch64.tar.gz

Installation

Debian/Ubuntu

sudo dpkg -i xdrtop-linux-x86_64.deb

macOS

tar -xzf xdrtop-macos-*.tar.gz
sudo mv xdrtop-macos-* /usr/local/bin/xdrtop

Configuration

Create your configuration file at ~/.xdrtop/config.json:

{
  "api_key_id": "your-api-key-id",
  "api_key_secret": "your-api-key-secret",
  "tenant_url": "https://api-your-tenant.xdr.au.paloaltonetworks.com"
}

Full Changelog: https://github.com/gocortexio/xdrtop/commits/v1.0.7

Assets 5

Releases: gocortexio/xdrtop

v2.1.1

XDRTop v2.1.1

Whats New

Features

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v2.0.4

XDRTop v2.0.4

Whats New

Features

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v1.0.35

XDRTop v1.0.35 Release

New this update

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v1.0.33

XDRTop v1.0.33 Release

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v1.0.32

XDRTop v1.0.32 Release

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v1.0.11

XDRTop v1.0.11 Release

Updated in v1.0.11:

Downloads

Installation

Debian/Ubuntu

macOS

Windows

Configuration

Uh oh!

v1.0.7

XDRTop v1.0.7 Release

Downloads

Installation

Debian/Ubuntu

macOS

Configuration

Uh oh!