Threat hunting and response across data sources just got a little easier. The Cortex XDR application and agent releases in March and April introduce a broad set of new features to help your security team identify threats in network traffic, orchestrate response at scale and reduce the attack surface of their endpoints.
With so many new features, where do we begin? Let’s start with the network viewpoint.
Since its inception, Cortex XDR has collected network data and applied behavioral analytics and machine learning to uncover attacks. Now, Cortex XDR also gives analysts direct access to that network data for threat hunting and custom detection rules. With Cortex XDR, you can:
There are times when your analysts need to perform sweeping actions across many endpoints at once. Whether collecting endpoint information, updating settings or immediately stopping a fast-spreading attack, remote script execution gives your team a powerful tool for managing endpoints.
With Cortex XDR agent 7.1 for Windows, macOS and Linux, you can run Python 3.7 scripts from the Cortex XDR management console and see the results as they come back. A new API lets you execute Python scripts from management and orchestration tools such as Cortex XSOAR. Out-of-the-box scripts make it easy for your team to take advantage of this new capability. Because these scripts run on the endpoint with the agent's privileges, treat the ability to upload and run them as a sensitive permission and restrict it to the roles that need it.
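The kind of script this feature is built for, as an added example that is not Cortex XDR's own code or one of its out-of-the-box scripts: a stdlib-only, Python 3.7-compatible sweep that walks a directory tree on the endpoint and reports every file whose SHA-256 is on a list of known-bad hashes. The `run(root, bad_hashes, max_size)` entry point, its argument names and the `demo()` sample tree are assumptions made for illustration, not a documented interface; the hashes and file contents in `demo()` are constructed. It deliberately uses only the standard library, since a bundled interpreter may not ship third-party packages, and it reports unreadable files separately so an analyst can tell "not found" from "not checked".

```python
"""Added example, not Cortex XDR project code.

Python 3.7-compatible endpoint sweep: hash every regular file under a root
directory and return the paths whose SHA-256 matches a list of bad hashes.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so large files never load whole into memory


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def run(root: str, bad_hashes: Iterable[str],
        max_size: int = 256 * 1024 * 1024) -> Dict[str, List[str]]:
    """Assumed entry point. Returns {"matches": [...], "errors": [...]}.

    matches: files whose SHA-256 is in bad_hashes
    errors:  files that could not be stat'ed or read (locked, permission denied)
    """
    wanted = {h.lower() for h in bad_hashes}
    matches = []  # type: List[str]
    errors = []   # type: List[str]
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # Skip symlinks (avoid loops / following into other trees) and
                # oversized files (keep the sweep bounded on busy hosts).
                if os.path.islink(path) or os.path.getsize(path) > max_size:
                    continue
                if sha256_of(path) in wanted:
                    matches.append(path)
            except OSError:
                # Do not let one unreadable file abort the whole sweep; report it.
                errors.append(path)
    return {"matches": sorted(matches), "errors": sorted(errors)}


def demo() -> Dict[str, List[str]]:
    """Constructed sample: a temp tree with one 'bad' file and one benign file."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "sub", "dropper.bin")
    os.makedirs(os.path.dirname(bad))
    with open(bad, "wb") as f:
        f.write(b"constructed malicious payload")  # constructed, not real malware
    with open(os.path.join(root, "readme.txt"), "wb") as f:
        f.write(b"benign")
    # Hunt for the constructed file by its own hash; expect exactly one match.
    return run(root, [sha256_of(bad)])


if __name__ == "__main__":
    print(demo())
```

The return value is a plain dict of strings so it serializes cleanly as JSON for the console, the API, or an XSOAR playbook; keeping the sweep bounded (`max_size`, no symlink following) matters when the same script is pushed to hundreds of endpoints at once.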
Cortex XDR agent 7.1 also introduces important new features that secure your endpoints, address compliance requirements and make it easier than ever for you to replace your legacy antivirus with extended detection and response. New endpoint security features include:
To help your analysts understand attackers' methods and objectives at each stage of an attack, Cortex XDR now displays the associated MITRE ATT&CK tactic and technique for every alert that maps to the ATT&CK framework.
For fine-grained control of the permissions assigned to users and roles, Cortex XDR now defines separately which views and which actions each role is permitted. Roles are defined in the hub, where customers can create and save new roles from a broad set of permissions, edit existing role permissions, and more.
You can configure forwarding policies for alerts, management audit logs, agent audit logs and dashboard reports from the Cortex XDR application. Alerts can now be forwarded to Slack channels and syslog servers in addition to email accounts, and audit logs can be forwarded to syslog servers.
To ease the deployment of the Broker VM, you can download the Broker VM images directly from the Cortex XDR management console. The registration and configuration are managed through the following web consoles:
Cortex XDR now allows Managed Security Services Providers (MSSPs) to easily manage security on behalf of their clients. MSSPs can now:
The above features are available with the Cortex XDR agent release 7.1 and later and with Cortex XDR version 2.2 and later. In addition to the features listed above, Cortex XDR includes updates that improve usability, simplify tuning and deployment, enhance APIs, and accelerate analysts’ tasks. For a complete list of new features introduced in March and April, see the Cortex XDR release notes and the Cortex XDR agent release notes.