View Details About an Endpoint
You can view miscellaneous details about a particular
endpoint that you select.
The page
provides a central location from which you can view and manage the
endpoints on which the Cortex XDR agent is installed. The right-click
pivot menu that is available for each endpoint displays the actions
you can perform.
The
following table describes the list of actions you can perform on
your endpoints.
Field | Action |
|---|---|
Endpoint Control |
|
Endpoint Data |
|
The following table describes both the default
and additional optional fields that you can view in the Endpoints
table and lists. The table lists the fields in alphabetical order.
Field | Description |
|---|---|
| Check box to select one or more endpoints on
which to perform actions. |
Active Directory | Lists all Active Directory Groups and Organizational
Units to which the user belongs. |
Assigned Policy | Policy assigned to the endpoint. |
Auto Upgrade Status | When Agent Auto Upgrades are
enabled, indicates the action status is either:
|
Content Auto Update | Indicates whether automatic content updates
are Enabled or Disabled for
the endpoint. See Agent Settings profile. |
Content Rollout Delay (days) | If you configured delayed content rollout,
the number of days for delay is displayed here. See Agent Settings profile. |
Content Version | Content update version used with the Cortex
XDR agent. |
Disabled Capabilities | A list of the capabilities that were disabled
on the endpoint. To disable one or more capabilities,
right-click the endpoint name and select . Options
are:
You can disable these capabilities
during the Cortex XDR agent installation on the endpoint or through .
Disabling any of these actions is irreversible, so if you later
want to enable the action on the endpoint, you must uninstall the
Cortex XDR agent and install a new package on the endpoint.Endpoint Administration |
Domain | Domain or workgroup to which the endpoint belongs,
if applicable. |
Endpoint Alias | If you assigned an alias to represent the endpoint
in Cortex XDR, the alias is displayed here. To set an endpoint alias,
right-click the endpoint name, and select Change endpoint
alias . The alias can contain any of the following characters:
a-Z, 0-9, !@#$%^&()-'{}~_. |
Endpoint ID | Unique ID assigned by Cortex XDR that identifies
the endpoint. |
Endpoint Isolated | Isolation status, either:
|
Endpoint Name | Hostname of the endpoint. If the agent enables
Pro features, this field also includes a PRO badge.
For Anrdoid endpoints, the hostname comprises the <firstname >— <lastname >
of the registered user, with a separating dash. |
Endpoint Status | Registration status of the Cortex XDR agent
on the endpoint:
|
Endpoint Type | Type of endpoint: Mobile , Server ,
or Workstation . |
Endpoint Version | Versions of the Cortex XDR agent that runs
on the endpoint. |
First Seen | Date and time the Cortex XDR agent first checked
in (registered) with Cortex XDR. |
Golden Image ID | For endpoints with a System Type of Golden
Image, the image ID is a unique identifier for the golden image. |
Group Names | Endpoint Groups to which the endpoint is a
member, if applicable. See Define
Endpoint Groups. |
Incompatibility Mode | Cortex XDR agent incompatibility status, either:
When
Cortex XDR agents are compatible with the operating system and environment,
this field is blank. |
Isolation Date | Date and time of when the endpoint was Isolated .
Displayed only for endpoints in Isolated or Pending
Isolation Cancellation status. |
Install Date | Date and time at which the Cortex XDR agent
was first installed on the endpoint. |
Installation Package | Installation package name used to install the
Cortex XDR agent. |
Installation Type | Type of installation:
|
IP | Last known IPv4 or IPv6 address of the endpoint. |
Is EDR Enabled | Whether EDR data is enabled on the endpoint. |
Last Scan | Date and time of the last malware scan on endpoint. |
Last Seen | Date and time of the last change in an agent's
status. This can occur when Cortex XDR receives a periodic status
report from the agent (once an hour), a user performed a manual
Check In, or a security event occurred. Changes to the
agent status can take up to ten minutes to display on the Cortex
XDR. |
Last Used Proxy | The IP address and port number of proxy that
was last used for communication between the agent and Cortex XDR. |
Last Used Proxy Port | Last proxy port used on endpoint. |
MAC | The endpoint MAC address that corresponds to
the IP address. |
Network Location | ( Cortex XDR agent 7.1 and later for Windows
and Cortex XDR agent 7.2 and later for macOS and Linux ) Endpoint
location is reported by the Cortex XDR agent when you enable this
capability in the Agent Settings profile:
|
Operating System | Name of operating system. |
Operational Status | Cortex XDR agent operational status:
|
OS Description | Operating system version name. |
OS Type | Name of the operating system. |
OS Version | Operating system version number. |
Platform | Platform architecture. |
Proxy | IP address and port number of the configured
proxy server. |
Scan Status | Malware scan status, either:
|
Users | User that was last logged into the endpoint.
On Android endpoints, the Cortex XDR app identifies the user from
the email prefix specified during app activation. |
