Post-Deployment Verification
Incidents are syncing
Open the Command Dashboard. You should see incidents within 15–30 minutes of completing onboarding. If the dashboard is empty, check that your source system (Defender XDR or Sentinel) has active incidents.
Workspace appears in Workspace Manager
Click the Workspace Manager in the left sidebar. Your workspace should appear in the list with a green status indicator.
Module shows as configured
Go to Settings → Workspace Settings → Module Configuration. Your module (XDR or XDR + SIEM) should show Configured status.
Users and groups are assigned
Navigate to Settings → Users & Groups. Verify all team members have the correct roles.
Gamebook actions are available
Open any incident in the Workbench. Click on an entity (device, user, IP, etc.) and verify that response actions appear in the Gamebook panel.
Entity insights are loading
In the Workbench, click on a user or device entity. Verify that Entity Insights (sign-in logs, device timeline, threat intelligence) are loading.
Notifications are configured (XDR + SIEM)
Go to Settings → Notifications. Verify email recipients and severity filters are set. Send a test notification.
CMS rules are visible (XDR + SIEM)
Navigate to the Content Management System. Verify that the detection rule library is accessible and rules can be toggled on/off.
Endpoints page is populated
Go to the Endpoints page. Verify that onboarded devices appear with status information.
Something Not Working?
| Symptom | Article |
|---|---|
| No incidents appearing | Incident Sync Issues |
| Gamebook actions unavailable | Gamebook Failures |
| Consent or module errors | Onboarding Issues |
| Users can’t access workspace | Permission Errors |