Step 6: Perform health checks - Administrator Guide - Cortex XDR - Cortex - Security Operations

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide
Abstract

Learn which health checks to perform after deployment.

As part of the onboarding process, it is recommended to perform the following health checks:

  • Update prevention policies: Update policies and profiles and ensure that all action modes are set to Block. For more information, see Set up endpoint profiles and exception rules in the Cortex XDR Administrator Guide.

  • Monitor operational status: Verify that Cortex XDR agents are protecting endpoints according to predefined security policies and profiles. For more information, see Monitor agent operational status in Cortex XDR.

  • Test sample malware: Use a malware PE, MacOSX, or APK test file to test end-to-end WildFire sample processing. For more information, see Get a Malware Test File.

  • Validate detectors for alerts and incidents: Check alerts and their associated alert sources. Validate that the configuration at the policy level and at the agent deployment level meets the requirements for generating alerts and incidents in Cortex XDR. For example, check the following:

    • Cortex XDR agent generates WildFire malware alerts.

    • NGFW alerts are listed with PAN NGFW as their alert source.

  • Validate log ingestion from external integrations: Verify which datasets are being created. The Dataset Management page lets you manage your datasets and see your overall data storage duration, per dataset and per retention period, as determined by your Hot and Cold Storage licenses and any retention add-ons that extend your storage. For more information, see Data storage lifecycle.
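The checks above are easy to skip when done by hand across many profiles, agents and integrations. The following script is an added example (not Cortex XDR product code and not a product API): it codifies the checklist as functions over constructed exports of tenant state, so the same checks can be repeated after every policy or integration change. The profile, agent, alert-source and dataset names are placeholders; the status strings, the "Protected" health value and the 30-day retention floor are assumptions chosen for the example.

```python
"""Added example: automate the post-deployment health checks in this checklist.

Inputs are constructed dicts standing in for exports of tenant state; replace
them with data pulled from your own console. None of this is product code.
"""
from typing import Dict, List, Set, Tuple

# --- Constructed sample inputs (placeholder names, not real tenant data) ---

# Profile name -> protection module -> action mode, as exported after
# "Update prevention policies". Every mode is expected to be "Block".
PREVENTION_PROFILES: Dict[str, Dict[str, str]] = {
    "Windows-Servers": {"Malware": "Block", "Exploit": "Block", "Ransomware": "Block"},
    "Workstations":    {"Malware": "Block", "Exploit": "Report", "Ransomware": "Block"},
    "Mac-Fleet":       {"Malware": "Report", "Exploit": "Block"},
}

# Endpoint name -> agent operational status ("Protected" assumed healthy).
AGENTS: Dict[str, str] = {
    "srv-01": "Protected",
    "ws-17": "Protected",
    "ws-23": "Partially protected",
    "mac-04": "Disconnected",
}

# Alert sources seen in the last day versus the sources we expect to see.
OBSERVED_ALERT_SOURCES: Set[str] = {"XDR Agent", "XDR Analytics"}
EXPECTED_ALERT_SOURCES: Set[str] = {"XDR Agent", "PAN NGFW"}

# Dataset name -> retention in days (placeholder dataset names).
DATASETS: Dict[str, int] = {"agent_events": 30, "ngfw_logs": 7}
EXPECTED_DATASETS: Set[str] = {"agent_events", "ngfw_logs", "sso_logs"}
MIN_RETENTION_DAYS = 30  # assumed floor for this example


def non_block_modes(profiles: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (profile, module, mode) for every module whose action mode is not Block."""
    return [(profile, module, mode)
            for profile, modules in profiles.items()
            for module, mode in modules.items()
            if mode != "Block"]


def agents_needing_attention(agents: Dict[str, str], healthy: str = "Protected") -> List[str]:
    """Return endpoint names whose agent status is anything other than the healthy value."""
    return sorted(name for name, status in agents.items() if status != healthy)


def missing_alert_sources(observed: Set[str], expected: Set[str]) -> List[str]:
    """Return expected alert sources (e.g. PAN NGFW) that produced no alerts."""
    return sorted(expected - observed)


def dataset_gaps(datasets: Dict[str, int], expected: Set[str],
                 min_retention_days: int) -> Tuple[List[str], List[str]]:
    """Return (datasets never created, datasets whose retention is below the floor)."""
    missing = sorted(expected - set(datasets))
    short = sorted(name for name, days in datasets.items() if days < min_retention_days)
    return missing, short


def run_health_checks(profiles=PREVENTION_PROFILES, agents=AGENTS,
                      observed_sources=OBSERVED_ALERT_SOURCES,
                      expected_sources=EXPECTED_ALERT_SOURCES,
                      datasets=DATASETS, expected_datasets=EXPECTED_DATASETS,
                      min_retention_days=MIN_RETENTION_DAYS) -> Dict[str, object]:
    """Run every check and return the findings; 'passed' is True only if all are empty."""
    missing_ds, short_ds = dataset_gaps(datasets, expected_datasets, min_retention_days)
    findings: Dict[str, object] = {
        "non_block_modes": non_block_modes(profiles),
        "agents_needing_attention": agents_needing_attention(agents),
        "missing_alert_sources": missing_alert_sources(observed_sources, expected_sources),
        "missing_datasets": missing_ds,
        "short_retention_datasets": short_ds,
    }
    findings["passed"] = not any(findings.values())
    return findings


if __name__ == "__main__":
    for check, result in run_health_checks().items():
        print(f"{check}: {result}")
```

Run it against the constructed inputs and each finding maps directly to one checklist item: two modules still in Report mode, two agents that are not fully protected, no NGFW alerts observed, one dataset never created and one with retention below the floor, so `passed` is False. Feeding the same functions a clean export returns empty lists and `passed` True, which is the state you want before declaring onboarding complete.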