Activate Network Mapper - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn more about activating the Network Mapper to scan your network.

Notice

Activating the Network Mapper requires a Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB license.

Danger

After you have configured and registered your Broker VM, you can choose to activate the Network Mapper application.

The Network Mapper allows you to scan your network to detect and identify unmanaged hosts in your environment according to defined IP address ranges. The Network Mapper configurations are used to locate unmanaged assets that appear in the Asetts table..

  1. Select SettingsConfigurationsData BrokerBroker VMs.

  2. Do one of the following:

    • On the Brokers tab, find the Broker VM, and in the APPS column, left-click AddNetwork Mapper.

    • On the Clusters tab, find the Broker VM, and in the APPS column, left-click AddNetwork Mapper.

  3. In the Activate Network Mapper window, define the following parameters:

    Field

    Description

    Scan Method

    Select the either ICMP echo or TCP SYN scan method to identify your network hosts. When selecting TCP SYN you can enter single ports and ranges together, for example 80-83, 443.

    Scan Requests per Second

    Define the maximum number of scan requests you want to send on your network per second. By default, the number of scan requests are defined as 1000.

    Note

    Each IP address range can receive multiple scan requests based on it's availability.

    Scanning Scheduler

    Define when you want to run the network mapper scan. You can select either daily, weekly, or monthly at a specific time.

    Scanned Ranges

    Select from the list of exiting IP address ranges to scan. Make sure to network-mapper-enter.png after each selection.

    Note

    IP address ranges are displayed according to what you defined as your Network Parameters.

  4. Activate the applet.

    After a successful activation, the APPS field displays Network Mapper with a green dot indicating a successful connection.

  5. In the APPS field, left-click the Network Mapper connection to view the following scan and applet metrics:

  6. Manage the Network Mapper.

    After the network mapper has been activated, left-click the Network Mapper connection in the APPS column to display the Network Mapper settings, and select:

    • Configure to redefine the network mapper configurations.

    • Scan Now to initiate a scan.

    • Deactivate to disable the network mapper.