Set up Endpoint Protection

Before a particular endpoint can become part of your protected network, you must deploy the Cortex XDR agent on the endpoint to enable its protection.
The Cortex XDR agent monitors endpoint activity and collects endpoint data that Cortex XDR uses to raise alerts. Before you can begin collecting endpoint data, you must deploy the Cortex XDR agent and configure endpoint policy.
To use endpoint management functions in Cortex XDR you must be assigned an administrative role in the hub.
  1. Verify the status of your Cortex XDR tenant.
    1. From the hub, click the gear icon next to your name.
    2. In the Cortex area, review the
      for the tenant you just activated.
      When Cortex XDR tenant is available, the status changes to the green check mark.
  2. (
    ) Set up Broker VM communication.
  3. Install the Cortex XDR agent on your endpoints.
    Install the agent software directly on an endpoint or use a software deployment tool of your choice (such as JAMF or GPO) to distribute and install the software on multiple endpoints.
    1. Install the Cortex XDR agent.
      For instructions by operating system, see the or the
      Traps Agent Administrator’s Guide
      if you use an earlier version.
  4. Define Endpoint Groups to which you can apply endpoint security policy.
  5. Customize your Endpoint Security Profiles and assign them to your endpoints.
    Cortex XDR provides out-of-the box exploit and malware protection. However, at minimum, you must enable
    Data Collection
    in an Agent Settings profile to leverage endpoint data in Cortex XDR apps. Data collection for Windows endpoints is available with Traps 6.0 and later releases and on endpoints running Windows 7 SP1 and later releases. Data collection on macOS and Linux endpoints are available with Traps 6.1 and later releases.
  6. (
    ) Configure Device Control profiles to restrict file execution on USB-connected devices.
  7. Verify that the Cortex XDR agent can connect to your Cortex XDR instance.
    If successful, the Cortex XDR console displays a Connected status. You can view the status of all agents on the
    Endpoint Management
    of your Cortex XDR management console.
  8. Configure the internal networks that you want Cortex XDR to monitor.
    1. From the Cortex XDR management console, navigate to
      Network Configuration
      IP Address Ranges
    2. Define your IP Address Ranges.
      This page provides a table of the IP address ranges Cortex XDR Analytics monitors, which is pre-populated with the default IPv4 and IPv6 address spaces.
    3. Define your Domain Names.
  9. If you also have a Cortex XDR Pro per TB license, proceed to Set up Network Analysis. Otherwise, proceed to Configure Cortex® XDR™.

Recommended For You