Features Introduced in Cortex XDR Agent 7.7

The following topics describe the new features introduced in Cortex XDR agent 7.7 releases according to the supported agent operating systems.

Features Introduced in Cortex XDR Agent 7.7.1

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:
Feature
Description
Agent block all file types
To expand agent capabilities, you can now configure Cortex XDR so that the agent blocks all files in the block list, even if the malware profile is set to report.
Agent tokens for password management and distribution (This feature is only supported with version 3.3)
Cortex XDR now offers a solution to ease password management and its distribution. Cortex XDR maintains and manages tokens for each of the agents and can generate temporary tokens on demand. When performing an action on the agent that requires a password entry, all you need to do is retrieve the hash from the agent to get the token password from Cortex XDR for that agent. The token is automatically assigned to every endpoint and can be used to perform any action requiring a password on the agent. If needed, the administrator can create a token for any endpoint or a group of endpoints with an expiration date and use it to manage those endpoints for the pre-defined period. The token can also be retrieved for an endpoint that lost connectivity to the server by extracting the token hash on the endpoint and retrieving the original token from that hash on the server.
Endpoint tags (This feature is only supported with version 3.3)
To streamline how you manage your endpoints, Cortex XDR now allows you to tag endpoints using the Cortex XDR management console and on the endpoint during installation and agent lifespan. Each endpoint can be assigned one or more dynamic tags you define, giving you flexibility in how you filter and group your endpoints. To easily track the tags associated with the endpoints, in the All Endpoints and Forensics tables, a new Endpoint Tags field displays how the tag was assigned to the endpoint: via the management console (Server), or via installation and cytool arguments (Agent).

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:
Feature
Description
Agent supported on Linux with SELinux enabled
Cortex XDR agent is now supported on Linux platforms with SELinux enabled.
Agent supports SELinux on RHEL 8
Cortex XDR agent now supports SELinux on RHEL 8.

Features Introduced in Cortex XDR Agent 7.7

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:
Feature
Description
Custom Isolation Message
You can now set a custom endpoint isolation message displayed to the user when the endpoint is isolated. In the Agent Settings profile User Interface section, define an Endpoint Network Isolation Notification of up to 150 characters.

Windows Features

The following features were added to Cortex XDR agents running on Windows endpoints:
Feature
Description
Cortex XDR Agent Console Enhancement (Requires a Cortex XDR agent 7.7 or later release for Windows)
To streamline the investigation of alerts from multiple users, Cortex XDR now allows you to view alerts from all users in the Cortex XDR Console Events tab.
To display alerts from all users, in the Cortex XDR management console Agent Settings profile User Interface section, enable events from all users.
Cortex XDR Agent Supported Operating Systems and Virtual Applications (Requires a Cortex XDR agent 7.7 or later release for Windows)
Cortex XDR agent now supports the following:
  • Nutanix virtual machine solution
  • Windows 10 IoT Core (on X86/X64)

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:
Feature
Description
Signed Cortex XDR Agent Installation for Linux (Requires a Cortex XDR agent 7.7 or later for Linux)
To better secure your Cortex XDR agent installations on Linux machines, installation packages are now signed by Palo Alto Networks. The installation package contains a new configuration file which includes the tenant ID and registration key. When installing the agent installation package, if signature-checking is configured, you will need to install a Cortex XDR public key.
Network Isolation for Linux Endpoints (Requires a Cortex XDR agent 7.7 or later for Linux)
To expand your network isolation capabilities, Cortex XDR now allows you to isolate Linux endpoints.
User Space Linux Agent (Requires a Cortex XDR agent 7.7 or later for Linux)
Cortex XDR Linux agent can now protect your machine using user space only without any kernel components.
In the Agent Setting Profile for Linux, enable User Space as your Agent Operation Mode, and update/deploy the Cortex XDR 7.7 agent YAML file for Kubernetes-based installations.
To help you track which operation mode your Linux endpoints are running in, in the All Endpoints table, Cortex XDR now displays the Linux Operation Mode field, listing whether the endpoint is running in User Space, Kernel, or Kernel Disabled mode.

Mac Features

There are no Mac features in this release.
