Before a particular endpoint can become part of your
protected network, you must deploy the Cortex XDR agent on the endpoint
to enable its protection.
The Cortex XDR agent monitors endpoint activity
and collects endpoint data that Cortex XDR uses to raise alerts.
Before you can begin collecting endpoint data, you must deploy the
Cortex XDR agent and configure endpoint policy.
To use endpoint
management functions in Cortex XDR you must be assigned an administrative
role in the hub.
Verify the status of your Cortex XDR tenant.
From the hub, click the gear icon next to
In the Cortex area, review the
the tenant you just activated.
When Cortex XDR tenant is available, the status changes
to the green check mark.
Cortex XDR provides out-of-the box exploit and malware
protection. However, at minimum, you must enable
in an Agent Settings profile to leverage
endpoint data in Cortex XDR apps. Data collection for Windows endpoints
is available with Traps 6.0 and later releases and on endpoints
running Windows 7 SP1 and later releases. Data collection on macOS
and Linux endpoints are available with Traps 6.1 and later releases.
) Configure Device Control profiles to
restrict file execution on USB-connected devices.
Verify that the Cortex XDR agent can connect to your
Cortex XDR instance.
If successful, the Cortex XDR console displays a Connected
status. You can view the status of all agents on the
your Cortex XDR management console.
Configure the internal networks that you want Cortex
XDR to monitor.
From the Cortex XDR management console, navigate