Run scripts on an endpoint

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Execute Python scripts from Cortex XDR directly on the endpoint to perform actions, retrieve data, and retrieve files.

Notice

This functionality requires a Cortex XDR Pro license.

For enhanced endpoint remediation and endpoint management, you can run Python 3.7 scripts on your endpoints directly from Cortex XDR. For commonly used actions, Cortex XDR provides out-of-the-box scripts. You can also write and upload your own Python scripts and code snippets into Cortex XDR for custom actions. Cortex XDR enables you to manage, run, and track the script execution on the endpoints, as well as store and display the execution results per endpoint.

Danger

  • Cortex XDR Pro Per Endpoint license

  • Endpoints running the Agent v7.1 and later. Since the agent uses its built-in capabilities and many available Python modules to execute the scripts, no additional setup is required on the endpoint.

  • Role in the hub with the following permissions to run and configure scripts:

    • Run Standard scripts

    • Run High-risk scripts

    • Script configuration (required to upload a new script, run a snippet, and edit an existing script)

    • Scripts (required to view the Scripts Library and the script execution results)

    Note

    Running snippets requires both Run High-risk scripts and Script configuration permissions. Additionally, all scripts are executed as System User on the endpoint.
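A custom data-retrieval script of the kind described above could look like the following. This is an added example, not code from the Cortex XDR documentation or product. The entry-point name `collect_file_facts`, its parameters, the size cap and the dictionary result are assumptions. It keeps to Python 3.7 syntax and, because scripts are executed as System User, rejects symlinks and non-regular files and bounds how much it reads.

```python
# Added example, not Cortex XDR's own code. Uses only Python 3.7 syntax/stdlib.
import hashlib
import os
import stat

MAX_BYTES = 64 * 1024 * 1024  # assumed cap on how much one run may read
CHUNK = 1024 * 1024


def collect_file_facts(path, max_bytes=MAX_BYTES):
    """Hypothetical entry point: size, mtime and SHA-256 of one regular file."""
    result = {"path": path, "ok": False}
    if not isinstance(path, str) or not os.path.isabs(path):
        result["error"] = "path must be an absolute string"
        return result
    try:
        # lstat, not stat: the script runs with System rights, so reject a
        # symlink up front instead of following it to another file.
        info = os.lstat(path)
    except OSError as exc:
        result["error"] = "lstat failed: " + type(exc).__name__
        return result
    if not stat.S_ISREG(info.st_mode):
        result["error"] = "not a regular file"
        return result
    if info.st_size > max_bytes:
        result["error"] = "file larger than max_bytes"
        return result
    digest = hashlib.sha256()
    hashed = 0
    try:
        with open(path, "rb") as handle:
            # Bounded read: the file may grow after the lstat() check.
            while hashed < max_bytes:
                block = handle.read(min(CHUNK, max_bytes - hashed))
                if not block:
                    break
                digest.update(block)
                hashed += len(block)
    except OSError as exc:
        result["error"] = "read failed: " + type(exc).__name__
        return result
    result.update(ok=True, size=hashed, mtime=int(info.st_mtime),
                  sha256=digest.hexdigest())
    return result
```

The lstat-then-open sequence is not atomic, so point such a script only at paths that unprivileged users cannot rewrite between the two calls.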