Set up Endpoint Protection

The Cortex XDR agent monitors endpoint activity and collects endpoint data that Cortex XDR uses to raise alerts. Before you can begin collecting endpoint data, you must enable access, deploy the Cortex XDR agent, and configure endpoint policy. To use endpoint management functions in Cortex XDR you must be assigned an administrative role in the hub.
  1. Verify the status of your Cortex XDR tenant.
    1. From the hub, click the gear icon next to your name.
    2. In the Cortex area, review the
      STATUS
      for the tenant you just activated.
      When your Cortex XDR tenant is available, the status changes to the green check mark.
  2. (
    Optional
    ) Set up Proxy Communication.
  3. Customize your Endpoint Security Profiles and assign them to your endpoints.
  4. (
    Optional
    ) Configure Device Control profiles to restrict access to USB-connected devices.
  5. Install the Cortex XDR agent on your endpoints.
    Install the agent software directly on an endpoint or use a software deployment tool of your choice (such as JAMF or GPO) to distribute and install the software on multiple endpoints.
  6. Verify that the Cortex XDR agent can connect to your Cortex XDR instance.
    If successful, the Cortex XDR console displays a Connected status. You can view the status of all agents on the
    Endpoints
    Endpoint Management
    Endpoint Administration
    of your Cortex XDR interface.

Recommended For You