Cortex XDR API Connector - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2024-03-14
End_of_Life
EoL
Category
User Guide
Abstract

Cortex Xpanse supports integration with Cortex XDR using an API connector.

Attack Surface Management (ASM) for Remote Workers is an API integration between Cortex Xpanse and Cortex XDR or GlobalProtect that enables you to identify and alert on security issues on remote worker systems and network environments.

The Cortex Xpanse integration with Cortex XDR enables you to perform the following key tasks to secure your remote worker attack surface:

  • Identify risks and reduce attack surface related to your remote employee environments

  • Identify the gaps in coverage of Cortex XDR agents in your organization

  • Identify the internal and external IP mapping of your remote workforce

  • Ensure employees are using VPN services

  • Improve MTTR by providing additional network data to incidents identified by Cortex XDR.

To set up the integration between Cortex Xpanse and Cortex XDR, perform the following tasks:

For more information about ASM for Remote Workers and the Remote Attack Surface Dashboard in Cortex Xpanse Expander, see Remote Attack Surface Overview.