View Details About an Endpoint

The Endpoints > Endpoint Management > Endpoint Administration page provides a central location from which you can view and manage the endpoints on which the Cortex XDR agent is installed. The right-click pivot menu that is available for each endpoint displays the actions you can perform.
The following table describes the list of actions you can perform on your endpoints.
Field
Action
Endpoint Control
  • Perform Heartbeat
  • Change Endpoint Alias
  • Upgrade Agent Version
    You cannot upgrade VDI endpoints.
  • Retrieve Support File
  • Set Endpoint Proxy
  • Uninstall Agent
  • Delete Endpoint
  • Disable Capabilities (Live Terminal, Script Execution, and File Retrieval)
Security Operations
  • Retrieve Endpoint Files
  • Initiate Malware Scan
  • Abort Malware Scan
  • Initiate Live Terminal
  • Isolate Endpoint
Endpoint Data
  • View Incidents
  • View Endpoint Policy
  • View Actions
  • View Endpoint Logs
The following table describes both the default and additional optional fields that you can view in the Endpoints table and lists. The table lists the fields in alphabetical order.
Field
Description
(Check box)
Check box to select one or more endpoints on which to perform actions.
Active Directory
Lists all Active Directory Groups and Organizational Units to which the user belongs.
Assigned Policy
Policy assigned to the endpoint.
Auto Upgrade Status
When Agent Auto Upgrades are enabled, indicates the action status is either:
  • In progress—Indicates that the Cortex XDR agent upgrade is in progress on the endpoint.
  • Up to date—Indicates that the current Cortex XDR agent version on the endpoint is up to date.
  • Failure—Indicates that the Cortex XDR agent upgrade failed after three retries.
  • Not configured—Indicates that automatic agent upgrades are not configured for this endpoint.
  • Pending—Indicates that the Cortex XDR agent version running on the endpoint is not up to date, and the agent is waiting for the upgrade message from Cortex XDR.
  • Not supported—Indicates this endpoint type does not support automatic agent upgrades. Relevant for VDI, TS, or Android endpoints.
Content Auto Update
Indicates whether automatic content updates are Enabled or Disabled for the endpoint. See Agent Settings profile.
Content Rollout Delay (days)
If you configured delayed content rollout, the number of days for delay is displayed here. See Agent Settings profile.
Content Version
Content update version used with the Cortex XDR agent.
Domain
Domain or workgroup to which the endpoint belongs, if applicable.
Endpoint Alias
If you assigned an alias to represent the endpoint in Cortex XDR, the alias is displayed here. To set an endpoint alias, right-click the endpoint name, and select Change endpoint alias. The alias can contain any of the following characters: a-Z, 0-9, !@#$%^&()-'{}~_.
Endpoint ID
Unique ID assigned by Cortex XDR that identifies the endpoint.
Endpoint Isolated
Isolation status, either:
  • Isolated—The endpoint has been isolated from the network with communication permitted to only Cortex XDR and to any whitelisted IP addresses and processes.
  • Not Isolated—Normal network communication is permitted on the endpoint.
  • Pending Isolation - The isolation action has reached the server and is pending contact with the endpoint.
  • Pending Isolation Cancelation - The cancel isolation action has reached the server and is pending contact with the endpoint.
Endpoint Name
Hostname of the endpoint.
Endpoint Status
Registration status of the Cortex XDR agent on the endpoint:
  • Connected—The Cortex XDR agent has checked in within 10 minutes (three minutes for mobile endpoints).
  • Disconnected—The Cortex XDR agent has checked in within the defined inactivity window: between 10 minutes and 30 days for standard and mobile endpoints, and between 10 minutes and 6 hours for VDI and temporary sessions.
  • Connection Lost—The Cortex XDR agent has not checked in within 30 days (standard and mobile endpoints only).
  • Uninstalled—The Cortex XDR agent has been uninstalled from the endpoint.
Endpoint Type
Type of endpoint: Mobile, Server, or Workstation.
Endpoint Version
Version of the Cortex XDR agent that runs on the endpoint.
First Seen
Date and time the Cortex XDR agent first checked in (registered) with Cortex XDR.
Golden Image ID
For endpoints with a System Type of Golden Image, the image ID is a unique identifier for the golden image.
Group Names
Endpoint Groups of which the endpoint is a member, if applicable. See Define Endpoint Groups.
Incompatibility Mode
Cortex XDR agent incompatibility status, either:
  • Agent Incompatible—The Cortex XDR agent is incompatible with the environment and cannot recover.
  • OS Incompatible—The Cortex XDR agent is incompatible with the operating system.
When Cortex XDR agents are compatible with the operating system and environment, this field is blank.
Isolation Date
Date and time when the endpoint was Isolated. Displayed only for endpoints in Isolated or Pending Isolation Cancelation status.
Install Date
Date and time at which the Cortex XDR agent was first installed on the endpoint.
Installation Package
Installation package name used to install the Cortex XDR agent.
Installation Type
Type of installation:
  • Standard
  • VDI
  • Golden Image
  • Temporary Session
IP
Last known IPv4 or IPv6 address of the endpoint.
Is EDR Enabled
Whether EDR data is enabled on the endpoint.
Last Proxy
The IP address and port number of the proxy that was last used for communication between this agent and Cortex XDR.
Last Scan
Date and time of the last malware scan on the endpoint.
Last Seen
Date and time of the last change in an agent's status. This can occur when Cortex XDR receives a periodic status report from the agent (once an hour), a user performs a manual Check In, or a security event occurs.
Changes to the agent status can take up to ten minutes to display in Cortex XDR.
Last Used Proxy
Last proxy used on the endpoint.
Last Used Proxy Port
Last proxy port used on the endpoint.
MAC
The endpoint MAC address that corresponds to the IP address.
Operating System
Name of operating system.
Operational Status
Cortex XDR agent operational status, either:
  • Protected—Indicates that the Cortex XDR agent is running as configured and did not report any exceptions to Cortex XDR.
  • Partially protected—Indicates that the Cortex XDR agent reported one or more exceptions to Cortex XDR.
  • Unprotected—Indicates the Cortex XDR agent was shut down.
OS Description
Operating system version name.
OS Type
Name of the operating system.
OS Version
Operating system version number.
Platform
Platform architecture.
Proxy
IP address and port number of the configured proxy server.
Scan Status
Malware scan status, either:
  • None - No scan initiated.
  • Pending - Scan in process.
  • Complete Successfully - Scan completed.
  • Pending Cancelation - Scan was aborted, waiting for cancellation action to reach endpoint.
Users
User that was last logged into the endpoint. On Android endpoints, the Cortex XDR app obtains the user from the email prefix specified during app activation.
