Examples of the types of data that enhanced application logs gather
include records of DNS queries, the HTTP header User-Agent field that
specifies the web browser or tool used to access a URL, and information
about DHCP automatic IP address assignment. With DHCP information, for
example, Cortex XDR™ can alert on unusual activity based on hostname
instead of IP address. This allows the security analyst using Cortex XDR
to meaningfully assess whether the user’s activity is within the scope of
his or her role and, if not, to take action more quickly to stop the
activity.
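
The following added example (not Cortex XDR code or its log schema) illustrates why DHCP records make hostname-based attribution possible: the same IP address can belong to different hosts over time, so each event is resolved against the lease in effect when it occurred. The record layouts, hostnames, and addresses are constructed, and a lease is assumed to hold until the next lease for the same IP.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data; field layout is an assumption, not a real log format.
# DHCP lease events: (epoch_seconds, ip, hostname)
DHCP_LEASES = [
    (1000, "10.0.0.15", "fin-laptop-07"),
    (1000, "10.0.0.22", "eng-ws-03"),
    (5000, "10.0.0.15", "eng-ws-03"),      # address reassigned to another host
    (5000, "10.0.0.31", "fin-laptop-07"),
]
# Traffic events: (epoch_seconds, source_ip, destination)
EVENTS = [
    (1200, "10.0.0.15", "payroll.internal"),
    (1300, "10.0.0.22", "git.internal"),
    (5200, "10.0.0.15", "git.internal"),
    (5300, "10.0.0.31", "payroll.internal"),
    (900, "10.0.0.15", "payroll.internal"),  # predates any known lease
]

def build_lease_index(leases):
    """Map each IP to its time-sorted list of (lease_start, hostname)."""
    index = defaultdict(list)
    for ts, ip, host in sorted(leases):
        index[ip].append((ts, host))
    return index

def hostname_at(index, ip, ts):
    """Return the hostname holding `ip` at time `ts`, or None if unknown."""
    history = index.get(ip, [])
    pos = bisect_right([start for start, _ in history], ts)
    return history[pos - 1][1] if pos else None

def activity_by_hostname(leases, events):
    """Group destinations by the host that owned the source IP at event time."""
    index = build_lease_index(leases)
    grouped = defaultdict(list)
    for ts, ip, dest in sorted(events):
        # Events with no covering lease stay visible instead of being dropped.
        key = hostname_at(index, ip, ts) or "unattributed:" + ip
        grouped[key].append(dest)
    return dict(grouped)

if __name__ == "__main__":
    for host, dests in activity_by_hostname(DHCP_LEASES, EVENTS).items():
        print(host, dests)
```

Grouped by IP alone, 10.0.0.15 would appear to touch both payroll and source control; grouped by hostname, each host's activity stays consistent across the address change.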