View Host Insights

For each entity, Cortex XDR lists all the details about the entity and the details about the endpoint it applies to. For example, the default Services view lists a separate row for every service on every endpoint.

Alternatively, to better understand the overall presence of each entity across all your endpoints, you can switch to the aggregated view (click the aggregate icon) and group the data by the main entity. For example, in the Services aggregated view, Cortex XDR groups all the services with the same CMD and shows the total number of endpoints each one is defined for. To get a closer view of all the endpoints, right-click and select View affected endpoints.
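The following is an added example, not Cortex XDR code, that reproduces the aggregated Services view offline on per-endpoint rows and sorts the rarest CMD values first, which is how low-prevalence services are usually reviewed. The row layout, field names, sample values, and the CMD normalization are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample rows shaped like the default Services view (one row per
# service per endpoint). Field names and values are assumptions.
ROWS = [
    {"endpoint": "WS-001", "cmd": r"C:\Windows\System32\spoolsv.exe"},
    {"endpoint": "WS-002", "cmd": r"C:\Windows\System32\spoolsv.exe"},
    {"endpoint": "WS-003", "cmd": r"c:\windows\system32\SPOOLSV.EXE"},
    {"endpoint": "WS-002", "cmd": r"C:\ProgramData\helper\helper.exe  -s"},
    {"endpoint": "WS-002", "cmd": r"C:\Windows\System32\spoolsv.exe"},  # duplicate row
]


def normalize_cmd(cmd):
    # Windows paths are case-insensitive, so fold case and collapse whitespace.
    # This normalization is a choice of this example, not documented product behaviour.
    return " ".join(cmd.split()).casefold()


def aggregate_by_cmd(rows):
    """Group rows by CMD and return (cmd, sorted endpoints), rarest CMD first."""
    groups = defaultdict(set)  # a set counts each endpoint once per CMD
    for row in rows:
        groups[normalize_cmd(row["cmd"])].add(row["endpoint"])
    pairs = [(cmd, sorted(eps)) for cmd, eps in groups.items()]
    return sorted(pairs, key=lambda pair: (len(pair[1]), pair[0]))


def rare_cmds(rows, max_endpoints=1):
    """CMD values present on at most max_endpoints endpoints."""
    return [(cmd, eps) for cmd, eps in aggregate_by_cmd(rows)
            if len(eps) <= max_endpoints]


def affected_endpoints(rows, cmd):
    """Endpoints behind one aggregated row (the 'View affected endpoints' step)."""
    wanted = normalize_cmd(cmd)
    return sorted({r["endpoint"] for r in rows if normalize_cmd(r["cmd"]) == wanted})


if __name__ == "__main__":
    for cmd, endpoints in aggregate_by_cmd(ROWS):
        print(len(endpoints), cmd, endpoints)
```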

View users insights

The Cortex XDR agent scans the endpoint and retrieves the list of users whose credentials are stored on the endpoint. To view User insights, from Cortex XDR go to Add-ons > Host Insights > Users. For each user, Cortex XDR lists all the following details:

Data: Description
User data: Identifying details about the user, such as name and SID.
Groups: Details about the account such as:
  • Whether it is an active account
  • The type of the account:
    • Temporary duplicate account
    • Normal account
    • Interdomain trust account
    • Workstation trust account
    • Server trust account
Users to Groups: Information about the password set for this user account: whether a password is required to log in, whether the password is changeable, and whether the password has an expiration date.

View groups insights

The Cortex XDR agent scans the endpoints and retrieves a list of the user groups that are defined on the endpoint. To view Groups insights, from Cortex XDR go to Add-ons > Host Insights > Groups. For each user group, Cortex XDR lists identifying details, such as name, SID, and SID type.

View users to group mapping

In Users to Groups view, Cortex XDR maps users to all the user groups they belong to, listing each user-group mapping in a separate row. The details in this view are a combination of the User and Groups views. From Cortex XDR go to Add-ons > Host Insights > User to Groups.
For each user group, Cortex XDR lists identifying details, such as name, SID, and SID type.
  • Cortex XDR lists only users that belong to each group directly, and does not include users who belong to a group within the main group.
  • If a local user group includes a domain user (whose credentials are stored on the Domain Controller server and not on the endpoint), Cortex XDR will include this user in the user-to-group mapping, but will not include it in the users insights view.
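The second note above means a group member can appear in the mapping without a row in the Users view. The following added example, which is not Cortex XDR code, joins the two views by endpoint and SID and reports the group members that have no Users row, as candidates for review as domain accounts in local groups. The row layout, field names, account names, and SIDs are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows; field names, account names and SIDs are assumptions.
USERS = [  # Users view: accounts whose credentials are stored on the endpoint
    {"endpoint": "WS-001", "name": "localadmin", "sid": "S-1-5-21-111-222-333-1001"},
    {"endpoint": "WS-001", "name": "svc_backup", "sid": "S-1-5-21-111-222-333-1002"},
    {"endpoint": "WS-002", "name": "localadmin", "sid": "S-1-5-21-444-555-666-1001"},
]
USERS_TO_GROUPS = [  # Users to Groups view: one row per direct membership
    {"endpoint": "WS-001", "group": "Administrators",
     "name": "localadmin", "sid": "S-1-5-21-111-222-333-1001"},
    {"endpoint": "WS-001", "group": "Administrators",
     "name": r"CORP\jdoe", "sid": "S-1-5-21-777-888-999-1105"},
    {"endpoint": "WS-001", "group": "Backup Operators",
     "name": "svc_backup", "sid": "S-1-5-21-111-222-333-1002"},
    {"endpoint": "WS-002", "group": "Administrators",
     "name": "localadmin", "sid": "S-1-5-21-444-555-666-1001"},
    {"endpoint": "WS-002", "group": "Remote Desktop Users",
     "name": r"CORP\jdoe", "sid": "S-1-5-21-777-888-999-1105"},
]


def members_without_user_row(users, mappings):
    """Return {(endpoint, group): [member names]} for mapped members that
    have no row in the Users view on the same endpoint."""
    # Key on (endpoint, SID): account names can repeat across endpoints.
    known = {(u["endpoint"], u["sid"]) for u in users}
    missing = defaultdict(set)
    for m in mappings:
        if (m["endpoint"], m["sid"]) not in known:
            missing[(m["endpoint"], m["group"])].add(m["name"])
    return {key: sorted(names) for key, names in missing.items()}


if __name__ == "__main__":
    for (endpoint, group), names in sorted(
            members_without_user_row(USERS, USERS_TO_GROUPS).items()):
        print(endpoint, group, names)
```

Because the mapping lists direct members only, this check does not see accounts that reach a group through a nested group.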

View services insights

The Services view lists all the services that are installed on all your endpoints. To view the Services insights, from Cortex XDR go to Add-ons > Host Insights > Services. For each service, Cortex XDR lists all the following details:

Data: Description
Service identification data: Information about the service, such as the service name, type, and path.
Service runtime data: Details about the service runtime configuration and status:
  • Whether the service is currently running and its runtime state
  • Whether you can stop, pause, or delay the service start time
  • Whether the service requires interaction with the endpoint desktop
  • The name of the user who started the service and the start mode

View drivers insights

The Drivers view lists all the drivers that are installed on all your endpoints. To view the Drivers insights, from Cortex XDR go to Add-ons > Host Insights > Drivers. For each driver, Cortex XDR lists all the following details:

Data: Description
Driver identification data: Information about the driver, such as the driver name, type, and path.
Driver runtime data: Details about the driver runtime configuration:
  • The driver type
  • Whether the driver is currently running, in which mode, and the runtime state

View autoruns insights

In Autoruns view, Cortex XDR lists details about executables that start automatically when the user logs in or boots the endpoint. Cortex XDR monitors the autoruns configured in the endpoint Registry, startup folder, scheduled tasks, services, and drivers. To view Autoruns insights, from Cortex XDR go to Add-ons > Host Insights > Autoruns. For each autorun entity, Cortex XDR lists all the following details:

Data: Description
Autorun type: Information about where the autorun is configured on the endpoint:
  • Startup folder
  • Registry
  • Scheduled task
  • Service
  • Driver
Autorun configuration: Information about the autorun settings configured on the endpoint, such as startup method, CMD, user details, and image path.

View system information

In System Information view, Cortex XDR lists general hardware and software information about an endpoint. To view System information insights, from Cortex XDR go to Add-ons > Host Insights > System Information. For each endpoint, Cortex XDR lists all the following details:

Data: Description
Endpoint hardware data: Information about the endpoint hardware, such as manufacturer, model, physical memory, processor architecture, and CPU.
Endpoint software data: The operating system name and release running on the endpoint.

View shares insights

In Shares view, Cortex XDR lists details about all the Microsoft Windows network shared folders defined for each endpoint. To view Shares insights, from Cortex XDR go to Add-ons > Host Insights > Shares. For each endpoint, Cortex XDR lists all the following details:

Data: Description
Network share type: Shared network folder type:
  • Disk Drive
  • Print Queue
  • Device
  • IPC
  • Disk Drive Admin
  • Print Queue Admin
  • Device Admin
  • IPC Admin
Network share identification data: Identifying details about the endpoint, such as share name, description, and path.
Network share additional data: Whether the share is limited to a maximum number of shares, and the maximum number of allowed shares.

View disks insights

In Disks view, Cortex XDR lists details about all the disk volumes that exist on each endpoint. To view Disks insights, from Cortex XDR go to Add-ons > Host Insights > Disks. For each disk that exists on an endpoint, Cortex XDR lists details such as the drive type, name, file system, free space, and total size.

View host inventory and existing vulnerabilities

With Host Insights Vulnerability Management, you can identify and quantify security vulnerabilities for applications installed on endpoints in your network. Cortex XDR provides a Host inventory that lists all applications installed on each endpoint, detects the presence of existing Common Vulnerabilities and Exposures (CVEs), and retrieves the latest data for each CVE from the NIST National Vulnerability Database to help you with your analysis and prioritization.

Use vulnerability management to easily mitigate and patch vulnerabilities on endpoints in your network.

See Hardened Endpoint Security for the list of all operating systems that support Vulnerability Management.
