Features Introduced in Cortex XDR Agent 7.7

Cortex XDR Agent Release Notes

Product: Cortex XDR, Cortex XDR Agent
Version: 7.7
Creation date: 2022-08-31
Last date published: 2023-01-04
End_of_Life: EoL
Category: Release Notes

The following topics describe the new features introduced in Cortex XDR agent 7.7 releases according to the supported agent operating systems.

Features Introduced in Cortex XDR Agent 7.7.1

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:

Feature

Description

Agent block all file types

To expand agent capabilities, you can now configure Cortex XDR so that the agent blocks all files in the block list, even if the malware profile is set to report.

Agent tokens for password management and distribution

(This feature is only supported with version 3.3)

Cortex XDR now offers a solution to ease password management and its distribution. Cortex XDR maintains and manages tokens for each of the agents and can generate temporary tokens on demand. When performing an action on the agent that requires a password entry, all you need to do is retrieve the hash from the agent to get the token password from Cortex XDR for that agent. The token is automatically assigned to every endpoint and can be used to perform any action requiring a password on the agent. If needed, the administrator can create a token for any endpoint or a group of endpoints with an expiration date and use it to manage those endpoints for the pre-defined period. The token can also be retrieved for an endpoint that lost connectivity to the server by extracting the token hash on the endpoint and retrieving the original token from that hash on the server.

Endpoint tags

(This feature is only supported with version 3.3)

To streamline how you manage your endpoints, Cortex XDR now allows you to tag endpoints from the Cortex XDR management console and on the endpoint itself, during installation and throughout the agent lifespan. Each endpoint can be assigned one or more dynamic tags that you define, giving you flexibility in how you filter and group your endpoints. To help you track the tags associated with the endpoints, a new Endpoint Tags field in the All Endpoints and Forensics tables displays how each tag was assigned to the endpoint: Server (via the management console) or Agent (via installation and cytool arguments).

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:

Feature

Description

Agent supported on Linux with SELinux enabled

Cortex XDR agent is now supported on Linux platforms with SELinux enabled.

Agent supports SELinux on RHEL 8

Cortex XDR agent now supports SELinux on RHEL 8.

Features Introduced in Cortex XDR Agent 7.7

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:

Feature

Description

Custom Isolation Message

You can now set a custom endpoint isolation message that is displayed to the user when the endpoint is isolated. In the User Interface section of the Agent Settings profile, define an Endpoint Network Isolation Notification of up to 150 characters.

Windows Features

The following features were added to Cortex XDR agents running on Windows endpoints:

Feature

Description

Cortex XDR Agent Console Enhancement

(Requires a Cortex XDR agent 7.7 or later release for Windows)

To streamline the investigation of alerts from multiple users, Cortex XDR now allows you to view alerts from all users in the Events tab of the Cortex XDR Console.

To display alerts from all users, in the Cortex XDR management console, go to the User Interface section of the Agent Settings profile and enable events from all users.

Cortex XDR Agent Supported Operating Systems and Virtual Applications

(Requires a Cortex XDR agent 7.7 or later release for Windows)

Cortex XDR agent now supports the following:

  • Nutanix virtual machine solution

  • Windows 10 IoT Core (on X86/X64)

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:

Feature

Description

Signed Cortex XDR Agent Installation for Linux

(Requires a Cortex XDR agent 7.7 or later for Linux)

To better secure your Cortex XDR agent installations on Linux machines, installation packages are now signed by Palo Alto Networks. The installation package contains a new configuration file which includes the tenant ID and registration key. When installing the agent installation package, if signature-checking is configured, you will need to install a Cortex XDR public key.

Network Isolation for Linux Endpoints

(Requires a Cortex XDR agent 7.7 or later for Linux)

To expand your network isolation capabilities, Cortex XDR now allows you to isolate Linux endpoints.

User Space Linux Agent

(Requires a Cortex XDR agent 7.7 or later for Linux)

Cortex XDR Linux agent can now protect your machine using user space only without any kernel components.

In the Agent Settings profile for Linux, enable User Space as your Agent Operation Mode, and update/deploy the Cortex XDR 7.7 agent YAML file for Kubernetes-based installations.

To help you track which operation mode your Linux endpoints are running in, the All Endpoints table now displays the Linux Operation Mode field, listing whether the endpoint is running in User Space, Kernel, or Kernel Disabled mode.

Mac Features

There are no Mac features in this release.