Install and manage endpoints - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn how to set up profiles, policies and other settings for endpoint protection, how to install Cortex XDR agent on endpoints, and how to manage them after installation.

Endpoint protection starts with the Cortex XDR agent that is installed on each endpoint in your environment. The agent package that you install on endpoints contains many settings that are configured by default, out-of-the-box, to enable you to get protection up and running quickly. However, these settings can also be modified and used in different combinations, by using profiles, which are then mapped to policies, and by configuring global settings.

Several endpoint management tasks can be performed remotely by administrators, from Cortex XDR. These include tasks such as applying tags and aliases to endpoints, upgrading the Cortex XDR agent, uninstalling and deleting the Cortex XDR agent, and more.

To stay up to date with the latest policy and endpoint status, Cortex XDR communicates regularly with your Cortex XDR agents. For example, when you upgrade your endpoints to the latest release, Cortex XDR creates an installation package and distributes it to the agent on their next communication. Similarly, the agent can send back data from the endpoint to Cortex XDR, such as data gathered on the endpoint or tech support files. In Cortex XDR, there are two types of communication.