Set up Endpoint Protection
The Cortex XDR agent monitors endpoint activity and collects endpoint data that Cortex XDR uses to raise alerts. Before you can begin collecting endpoint data, you must deploy the Cortex XDR agent and configure endpoint policy. To use endpoint management functions in Cortex XDR you must be assigned an administrative role in the hub.
- Verify the status of your Cortex XDR tenant.
- From the hub, click the gear icon next to your name.
- In the Cortex area, review theSTATUSfor the tenant you just activated.When Cortex XDR tenant is available, the status changes to the green check mark.
- (Optional) Set up Broker VM communication.
- Install the Cortex XDR agent on your endpoints.Install the agent software directly on an endpoint or use a software deployment tool of your choice (such as JAMF or GPO) to distribute and install the software on multiple endpoints.
- Define Endpoint Groups to which you can apply endpoint security policy.
- Customize your Endpoint Security Profiles and assign them to your endpoints.Cortex XDR provides out-of-the box exploit and malware protection. However, at minimum, you must enableData Collectionin an Agent Settings profile to leverage endpoint data in Cortex XDR apps. Data collection for Windows endpoints is available with Traps 6.0 and later releases and on endpoints running Windows 7 SP1 and later releases. Data collection on macOS and Linux endpoints are available with Traps 6.1 and later releases.
- (Optional) Configure Device Control profiles to restrict file execution on USB-connected devices.
- Verify that the Cortex XDR agent can connect to your Cortex XDR instance.If successful, the Cortex XDR console displays a Connected status. You can view the status of all agents on theof your Cortex XDR interface.EndpointsEndpoint Management
- Configure the internal networks that you want Cortex XDR to monitor.
- To view existing network segments, select the gear ( ) in the upper right corner and selectAnalytics Network Coverage Status. This page provides a table of the IP address ranges Cortex XDR Analytics monitors, which is pre-populated with the default IPv4 and IPv6 address spaces.Analytics ManagementStatus >
- Add ( ) a new segment and enter the first and last IP address of the range to monitor.
- Save ( ) the network segment. If the Configuration saved notification does not appear, save again.
Recommended For You
Recommended videos not found.