Set up Cortex XDR Pro Overview

Before you can use Cortex XDR for advanced detection and response, you must activate the Cortex XDR app and set up related apps and services. You must perform the setup activities as shown in the following image. Some steps are required only if you have the corresponding license type.
[Image: cortex-xdr-pro-setup-overview.png]
  1. As part of your planning, ensure that you or the person who is activating Cortex apps has the appropriate roles.
  2. (Cortex XDR Pro - Network) Activate your Network Devices.
  3. Activate Cortex XDR and related apps and services.
    1. Gather your Auth codes.
    2. Activate Cortex XDR.
    3. Activate Cortex Data Lake (if not using an existing instance).
    4. (Optional) Create a Directory Sync Service instance.
    5. Review log storage.
  4. (Cortex XDR Pro - Endpoint) Set up Endpoint Protection.
    1. Plan your Cortex XDR agent deployment.
    2. Create Cortex XDR agent installation packages.
    3. Define endpoint groups.
    4. Deploy the Cortex XDR agent to your endpoints.
    5. Configure your endpoint security policy.
  5. (Cortex XDR Pro - Network) Set up Network Analysis.
    1. Perform any remaining setup of your network sensors.
    2. Configure the internal networks that you want Cortex XDR to monitor.
    3. Verify that Cortex XDR is receiving alerts.
    4. Set up Pathfinder.
    5. If you set up a Directory Sync Service instance, enable Cortex XDR to use it.
    1. (Optional) Integrate additional threat intelligence.
    2. After 24 hours, enable Cortex XDR Analytics Analysis.
      1. Configure Network Coverage.
      2. (Recommended) Set up Pathfinder to interrogate endpoints that do not have EDR or that do not have the Cortex XDR agent installed.
    3. Define alert exclusions.
    4. Prioritize incidents based on attributes by creating an incident starring policy.
    5. Import or configure rules for known BIOCs and IOCs.
