Overview - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-10
Category: Administrator Guide

Cortex Cloud enables runtime monitoring within a cloud environment by embedding the Cortex XDR agent directly into the code of the serverless function. This allows for real-time monitoring of code execution, processes, networking, and filesystem activity, along with the enforcement of policies to permit or deny these actions. This in-depth runtime visibility enhances the overall security of your serverless functions.

Policy violations are detected and logged in Cortex Issues, where you can scope and analyze them to thoroughly assess the issues.

Use cases

  • Visibility of policy violations in issues: Use the Issues entity to view the policy violations that have occurred in serverless functions. You can drill down to view information such as the region, the cloud function runtime, the name of the specific serverless function associated with the issue, and the cloud function request ID, which is the instance ID from the cloud provider.

  • Monitor serverless functions in your cloud environment: After embedding the agent in the function, the agent monitors for policy violations as defined in the profile you have configured.

Supported platforms

Runtime protection for serverless functions is available for Cortex Cloud Runtime Security, Cortex XSIAM Premium, Cortex XSIAM Enterprise, and Cortex XSIAM NG SIEM licenses.

  • Supported runtime environments: Python, Node.js.

  • Supported architecture: x86_64

  • Supported cloud provider: Amazon Web Services (AWS)

User roles and permissions

To grant access and configuration permissions for serverless function capabilities in the Cortex tenant, verify that the user has the correct settings in the linked role.

  1. Go to Settings > Configuration > Access Management > Roles.

  2. Right-click the relevant role and select Edit Role. In the Components tab, under Inventory, verify that Agent Profiles, Agent Installations, and Agent Extension Policies are configured to View/Edit.