View Details About an Endpoint
You can view miscellaneous details about a particular
endpoint that you select.
The page
provides a central location from which you can view and manage the
endpoints on which the
Cortex
XDR agent is
installed. To ensure the
All Endpoints
table
is displaying the most useful list of endpoints, you can perform
a one-time or periodic cleanup of duplicated entities of the same
endpoint from the table. After the cleanup, duplicated entities are
removed leaving only one endpoint entry - the last endpoint to connect
with the server. Deleted endpoint data is retained for 90 days from
the last connection timestamp. If a deleted endpoint reconnects,
Cortex XDR recovers and redisplays the endpoint’s existing data.Navigate
to .
Enable the
Periodic duplicate cleanup
and
select to either run one-time cleanup
or
define to run according to the Host Name, Host IP Address, and/or
MAC Address fields every 6 hours, 12 hours, 1 day, or 7 days.Manage
Endpoints
The right-click pivot menu that is available
for each endpoint displays the actions you can perform.The following
table describes the list of actions you can perform on your endpoints.
Field | Action |
|---|---|
Endpoint Control |
|
Endpoint Data |
|
View Endpoint Data
The following
table describes both the default and additional optional fields
that you can view in the
All Endpoints
table
and lists. The table lists the fields in alphabetical order.
Field | Description |
|---|---|
| Check box to select one or more endpoints on
which to perform actions. |
Active Directory | Lists all Active Directory Groups and Organizational
Units to which the user belongs. |
Assigned Policy | Policy assigned to the endpoint. |
Auto Upgrade Status | When Agent
Auto Upgrades are
enabled, indicates the action status is either:
To include or exclude one or more endpoints
from auto upgrade, right-click and select After an endpoint
is excluded, the Auto upgrade profile configuration will no longer
be available. If you exclude the endpoint from Auto Upgrade
while the Auto Upgrade Status is In progress status,
the ongoing upgrade will still take place. |
Cloud Info | Displays IBM and Alibaba Cloud metadata reported
by the endpoint. |
Content Auto Update | Indicates whether automatic content updates
are Enabled or Disabled for
the endpoint. See Agent
Settings profile. |
Content Release Timestamp | Displays the time and date of when the current
content version was released. |
Content Rollout Delay (days) | If you configured delayed content rollout,
the number of days for delay is displayed here. See Agent
Settings profile. |
Content Status | Displays the status of the content version
on the relevant endpoint. Cortex XDR attempts to contact an endpoint
and check the content version over a 7 day period. After this period
Cortex XDR displays one of the following statuses:
Content
Status is calculated every 30 minutes, therefore, there could be
a delay of up to 30 minutes in displaying the data. |
Content Version | Content update version used with the Cortex XDR agent. |
Disabled Capabilities | A list of the capabilities that were disabled
on the endpoint. To disable one or more capabilities,
right-click the endpoint name and select . Options
are:
You can disable these capabilities
during the Cortex XDR agent installation on
the endpoint or through .
Disabling any of these actions is irreversible, so if you later
want to enable the action on the endpoint, you must uninstall the
Cortex XDR agent and install a new package on the endpoint.Endpoint Administration |
Domain | Domain or workgroup to which the endpoint belongs,
if applicable. Only supported for Windows and macOS. |
Endpoint Alias | If you assigned an alias to represent the endpoint
in Cortex XDR , the alias
is displayed here. To set an endpoint alias, right-click the endpoint
name, and select Change endpoint alias . The
alias can contain any of the following characters: a-Z, 0-9, !@#$%^&()-'{}~_. |
Endpoint ID | Unique ID assigned by Cortex XDR that identifies the endpoint. |
Endpoint Isolated | Isolation status, either:
|
Endpoint Name | Hostname of the endpoint. If the agent enables
Pro features, this field also includes a PRO badge.
For Anrdoid endpoints, the hostname comprises the <firstname >— <lastname >
of the registered user, with a separating dash. |
Endpoint Status | Registration status of the Cortex XDR agent on the endpoint:
|
Endpoint Type | Type of endpoint: Mobile , Server ,
or Workstation . |
Endpoint Version | Versions of the Cortex XDR
agent that runs on the endpoint. |
First Seen | Date and time the Cortex XDR
agent first checked in (registered) with Cortex XDR . |
Golden Image ID | For endpoints with a System Type of Golden
Image, the image ID is a unique identifier for the golden image. |
Group Names | Endpoint Groups to which the endpoint is a
member, if applicable. See Define Endpoint Groups. |
Incompatibility Mode | Cortex XDR agent incompatibility
status, either:
When Cortex XDR agents are compatible with the operating
system and environment, this field is blank. |
Isolation Date | Date and time of when the endpoint was Isolated .
Displayed only for endpoints in Isolated or Pending
Isolation Cancellation status. |
Install Date | Date and time at which the agent was first
installed on the endpoint. |
Installation Package | Installation package name used to install the Cortex XDR agent. |
Installation Type | Type of installation:
|
IP Address | Last known IPv4 address of the endpoint. |
IPv6 Address | Last known IPv6 address of the endpoint. |
Is EDR Enabled | Whether EDR data is enabled on the endpoint. |
Last Content Update Time | Displays the time and date when the agent last
deployed a content update. |
Last Origin IP | Represents the last IPv4 address from which
the Cortex XDR agent connected. |
Last Origin IPv6 | Represents the last IPv6 address from which
the Cortex XDR agent connected. |
Last Scan | Date and time of the last malware scan on endpoint. |
Last Seen | Date and time of the last change in an agent's
status. This can occur when Cortex XDR receives a periodic status report from the agent (once
an hour), a user performed a manual Check In, or a security event
occurred. Changes to the agent status can take up to ten minutes
to display on Cortex XDR . |
Last Used Proxy | The IP address and port number of proxy that
was last used for communication between the agent and Cortex XDR . |
Last Used Proxy Port | Last proxy port used on endpoint. |
Linux Operation Mode | ( Cortex XDR agent
7.7 and later for LinuxCortex XDR agent. The operation modes available are; Kernel , User Space ,
or Kernel Disabled . |
MAC Address | The endpoint MAC address that corresponds to
the IP address. Currently this information is available only for
IPv4 addresses. |
Mobile ID | Unique identifier of the agent located on an
Android or iOS mobile. |
Network Interface | The relation between the MAC address and the
IP address for agents that can report the network interfaces information.
Currently this information is available only for IPv4 addresses. |
Network Location | ( Cortex XDR agent
7.1 and later for Windows and Cortex XDR agent
7.2 and later for macOS and LinuxCortex XDR agent when you enable this capability
in the Agent
Settings profile:
|
Operating System | Name of operating system. |
Operational Status | Cortex XDR agent operational status:
|
OS Description | Operating system version name. |
OS Type | Name of the operating system. |
OS Version | Operating system version number. |
Platform | Platform architecture. |
Proxy | IP address and port number of the configured
proxy server. |
Scan Status | Malware scan status, either:
|
Tags | Displays the tags associated with the endpoint. Tags
created in the Cortex XDR agent are displayed
with a shield icon. |
Users | User that was last logged into the endpoint.
On Android endpoints, the Cortex XDR app identifies the user from the email prefix specified
during app activation. |
