Network configuration

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-09
Category: Administrator Guide
Abstract

Cortex XDR Network Configuration provides a representation of your network assets by collecting and analyzing your network resources.

Network asset visibility is a crucial investigative tool for discovering rogue devices and preventing malicious activity within your network. The number of managed and unmanaged assets in your network provides vital information for assessing security exposure and tracking network communication effectively.

Cortex XDR Network Configuration accurately represents your network assets by collecting and analyzing the following network resources:

  • User-defined IP Address Ranges and Domain Names associated with your internal network.

  • EDR data collected by Firewall Logs.

  • Cortex XDR Agent Logs.

  • ARP Cache.

  • Broker VM Network Mapper.

  • Pathfinder Data Collector.

In addition to the network resources, Cortex XDR allows you to configure a Windows Agent Profile to scan your endpoints using Ping. This scan provides updated identifiers of your network assets, such as IP addresses and OS platforms. The scan is automatically distributed by Cortex XDR to all the agents configured in the profile and cannot be initiated by request.

With the data aggregated by Cortex XDR Network Configuration, you can locate and manage your assets more effectively and reduce the amount of research required to:

  • Distinguish between assets managed and unmanaged by a Cortex XDR agent.

  • Identify assets that are part of your internal network.

  • Monitor network data communications both within and outside your network.
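
The correlation described above (user-defined internal ranges combined with agent, ARP, firewall and ping data to separate managed from unmanaged assets) can be illustrated as follows. This is an added example, not Cortex XDR code or its data model; the source labels, field names, ranges and sample records are constructed assumptions.

```python
import ipaddress

# Constructed sample inputs (assumptions for illustration, not product data).
INTERNAL_RANGES = ["10.20.0.0/16", "192.168.50.0/24"]      # user-defined ranges
AGENT_IPS = {"10.20.1.15", "10.20.1.16", "192.168.50.7"}   # hosts with an agent
SIGHTINGS = [  # (hypothetical source label, IP, MAC or None)
    ("arp_cache", "10.20.1.15", "00:00:5e:00:53:01"),
    ("arp_cache", "10.20.1.99", "00:00:5e:00:53:02"),
    ("firewall_log", "10.20.1.99", None),
    ("firewall_log", "203.0.113.40", None),
    ("ping_scan", "192.168.50.7", None),
    ("ping_scan", "192.168.50.200", None),
    ("arp_cache", "not-an-ip", "00:00:5e:00:53:03"),  # malformed record
]


def classify_assets(internal_ranges, agent_ips, sightings):
    """Merge sightings per IP and tag each asset internal/external, managed/unmanaged."""
    nets = [ipaddress.ip_network(r) for r in internal_ranges]
    # Agent-reported addresses count as sightings too, so silent hosts still appear.
    records = list(sightings) + [("agent", ip, None) for ip in sorted(agent_ips)]
    assets = {}
    for source, raw_ip, mac in records:
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # drop records whose address does not parse
        asset = assets.setdefault(str(ip), {
            "sources": set(),
            "mac": None,
            "internal": any(ip in net for net in nets),
            "managed": str(ip) in agent_ips,
        })
        asset["sources"].add(source)
        asset["mac"] = asset["mac"] or mac  # keep the first MAC seen
    return assets


def unmanaged_internal(assets):
    """Internal addresses with no agent: the candidates for rogue-device review."""
    hits = [ip for ip, a in assets.items() if a["internal"] and not a["managed"]]
    return sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    inventory = classify_assets(INTERNAL_RANGES, AGENT_IPS, SIGHTINGS)
    for ip in unmanaged_internal(inventory):
        print(ip, sorted(inventory[ip]["sources"]), inventory[ip]["mac"])
```

An address seen by several sources, such as 10.20.1.99 in the sample, collapses into one asset record, which is what keeps the unmanaged count from being inflated by duplicate sightings.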