Host Insights

With Host insights, you gain full visibility and inventory into the business and IT operational data on all your Windows endpoints. By reviewing inventory for all your hosts in a single place, you can quickly identify IT and security issues that exist in your network, such as identifying a suspicious service or autorun that were added to an endpoint. The Cortex XDR agent scans the endpoint every 24 hours for any updates. Alternatively, you can re-scan the endpoint to retrieve the most updated data.
The following are prerequisites to enable Host inventory for your Cortex XDR instance:
  • Provision an active Cortex XDR Pro per Endpoint license.
  • Verify the Cortex XDR Host Insights Add-on is enabled on your tenant.
  • Ensure that you are running a Cortex XDR agent 7.1 or later release.
  • Ensure the endpoint is a Windows endpoint.
  • Ensure Cortex XDR Endpoint Data Collection is enabled for your Cortex XDR agents.
It can take Cortex XDR up to 6 hours to collect initial host insights data from all endpoints in your network.
For Host insights, go to
Host Insights
. Cortex XDR displays the following entities and information for all Windows endpoints:
Details about all users defined on an endpoint.
Details about all user groups defined on an endpoint.
Users to Groups
A list mapping all the users, local and in your domain, to the existing user groups on an endpoint.
Details about all the services running on an endpoint.
Details about all the drivers installed on an endpoint.
Details about executables that start automatically when the user logs in or boots the endpoint, which are configured in the endpoint Registry, startup folders, scheduled tasks, services, and drivers.
System Information
General system information about an endpoint.
Details about Microsoft Windows network shared folders defined on an endpoint.
Details about the disk volumes that exist on an endpoint.

Recommended For You