Set up Endpoint Protection

The Cortex XDR agent monitors endpoint activity and collects endpoint data that Cortex XDR uses to raise alerts. Before you can begin collecting endpoint data, you must deploy the Cortex XDR agent and configure endpoint policy. To use endpoint management functions in Cortex XDR, you must be assigned an administrative role in the hub.
  1. Verify the status of your Cortex XDR tenant.
    1. From the hub, click the gear icon next to your name.
    2. In the Cortex area, review the STATUS for the tenant you just activated.
      When the Cortex XDR tenant is available, the status changes to the green check mark.
  2. (Optional) Set up Broker VM communication.
  3. Install the Cortex XDR agent on your endpoints.
    Install the agent software directly on an endpoint or use a software deployment tool of your choice (such as JAMF or GPO) to distribute and install the software on multiple endpoints.
    1. Install the Cortex XDR agent.
      For instructions by operating system, see the or the Traps Agent Administrator’s Guide if you use an earlier version.
  4. Define Endpoint Groups to which you can apply endpoint security policy.
  5. Customize your Endpoint Security Profiles and assign them to your endpoints.
    Cortex XDR provides out-of-the-box exploit and malware protection. However, at minimum, you must enable Data Collection in an Agent Settings profile to leverage endpoint data in Cortex XDR apps. Data collection for Windows endpoints is available with Traps 6.0 and later releases and on endpoints running Windows 7 SP1 and later releases. Data collection on macOS and Linux endpoints is available with Traps 6.1 and later releases.
  6. (Optional) Configure Device Control profiles to restrict file execution on USB-connected devices.
  7. Verify that the Cortex XDR agent can connect to your Cortex XDR instance.
    If successful, the Cortex XDR console displays a Connected status. You can view the status of all agents on the Endpoints > Endpoint Management page of your Cortex XDR interface.
  8. Configure the internal networks that you want Cortex XDR to monitor.
    1. Log in to your Cortex XDR app either using the direct link or from the Cortex XDR tile on the hub.
    2. To view existing network segments, select the gear in the upper right corner and select Analytics Management > Status > Analytics Network Coverage Status. This page provides a table of the IP address ranges Cortex XDR Analytics monitors, which is pre-populated with the default IPv4 and IPv6 address spaces.
    3. To add custom network segments, select Configuration and then Network Segments Configuration.
    4. Add a new segment and enter the first and last IP address of the range to monitor.
    5. Save the network segment. If the Configuration saved notification does not appear, save again.
  9. If you also have a Cortex XDR Pro per TB license, proceed to Set up Network Analysis. Otherwise, proceed to Configure XDR.
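
Step 8 asks for the first and last IP address of each range, while internal address plans are usually kept as CIDR blocks. The following added example (not part of the original documentation and not Palo Alto Networks code) converts a list of CIDR blocks into merged first/last pairs, one per segment to enter; the function name `segments_from_cidrs` and the sample blocks are constructed for illustration.

```python
import ipaddress

# Constructed sample input: internal CIDR blocks as they might be exported
# from an address-management tool. Not taken from the documentation.
SAMPLE_CIDRS = [
    "10.20.0.0/24",
    "10.20.1.0/24",         # directly adjacent to the block above
    "10.20.0.128/25",       # already contained in the first block
    "192.168.50.0/23",
    "fd12:3456:789a::/64",
]


def segments_from_cidrs(cidrs):
    """Return (first_ip, last_ip) string pairs covering the given CIDR blocks.

    Overlapping and directly adjacent blocks are merged so that each pair
    is one segment row. IPv4 ranges are listed before IPv6 ranges.
    Raises ValueError for malformed input or a CIDR with host bits set.
    """
    by_version = {4: [], 6: []}
    for text in cidrs:
        # strict=True rejects typos such as 10.0.0.5/24 instead of
        # silently widening them to the enclosing network.
        net = ipaddress.ip_network(text.strip(), strict=True)
        by_version[net.version].append(
            (int(net.network_address), int(net.broadcast_address))
        )

    result = []
    for version, addr_cls in ((4, ipaddress.IPv4Address),
                              (6, ipaddress.IPv6Address)):
        merged = []
        for first, last in sorted(by_version[version]):
            if merged and first <= merged[-1][1] + 1:
                # Overlaps or touches the previous range: extend it.
                merged[-1][1] = max(merged[-1][1], last)
            else:
                merged.append([first, last])
        result.extend((str(addr_cls(f)), str(addr_cls(l))) for f, l in merged)
    return result


if __name__ == "__main__":
    for first_ip, last_ip in segments_from_cidrs(SAMPLE_CIDRS):
        print(f"{first_ip}\t{last_ip}")
```
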
