Learn more about the available Cortex XDR licenses and add-ons.
The following provides a summary of what is included in the Cortex XDR license plans and add-ons:
Cortex XDR Prevent: A comprehensive endpoint protection solution providing multi-layer protection and detection capabilities. Cortex XDR Prevent can effectively block malware, ransomware, behavior-based attacks, and exploit attacks. Additionally, this license includes device control, firewall protection, and disk encryption.
Cortex XDR Pro per Endpoint: This license offers tailored endpoint data and third-party logs collection to optimize detection and investigation visibility. For enhanced data collection, the Cortex XDR eXtended Threat Hunting Data (XTH) add-on expands the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Cloud per Host: A cloud-based endpoint protection and detection license with tailored collection of endpoint data and third-party logs. The license also provides Kubernetes support.
Along with the Cortex XDR eXtended Threat Hunting Data (XTH) add-on, you can expand the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Pro per GB: Collects endpoint data and can ingest numerous data sources for complete visibility over your network traffic and user behavior. When combined with the Cortex XDR Pro per Endpoint license, the Cortex XDR Pro per GB license provides streamlined investigation techniques and extensive remediation analysis capabilities.
Add-ons | Cortex XDR Prevent | Cortex XDR Pro per Endpoint / Cortex XDR Cloud per Host | Cortex XDR Pro per Gigabyte |
---|---|---|---|
Next-Generation Antivirus: Block malware, ransomware, exploits, and fileless attacks | ✓ | ✓ | – |
Endpoint Protection: Safeguard endpoints with device control, firewall, and disk encryption | ✓ | ✓ | – |
Detection and Response: Pinpoint attacks with AI-driven analytics and coordinate response | – | ✓ | ✓ |
Managed Detection and Response: Let Unit 42 experts work for you 24/7 to detect and respond to threats | – | ✓ | ✓ |
Managed Threat Hunting: Let Unit 42 experts work for you 24/7 to discover advanced threats | – | ✓ | ✓ |
Host Insights: Find vulnerabilities and sweep across endpoints to eradicate threats | – | ✓ | – |
Forensics: Investigate incidents swiftly with comprehensive forensics evidence | – | ✓ | – |
Third-Party Security Events: Send security events from other data sources | – | ✓ | ✓ |
Third-Party Security Logs: Send raw logs from other data sources | – | – | ✓ |
Network Traffic Analysis: Syslog, Kafka, DB, CSV file, FTP, NetFlow, Windows events, Pathfinder | – | – | ✓ |
Prisma and PANW IoT Security: Unify cloud and/or control system environments with XDR | – | – | ✓ |
Integrations: Threat intelligence solutions, Slack, send Syslog | ✓ | ✓ | ✓ |
Security Analytics: Apply machine learning and UEBA detections to security data | – | ✓ | ✓ |
Identity Threat Detection and Response (ITDR Module): Uncover hard-to-detect threats like insiders, lateral movement, credential compromise | – | – | ✓ |
eXtended Threat Hunting Data (XTHD Module): Collect rich data at the endpoint to support deep threat-hunting operations in an environment | – | ✓ | – |
To view the license types and add-ons associated with your Cortex XDR instance, go to → .
To keep you informed of updates made to your license and avoid service disruptions, Cortex XDR displays license notifications when you log in. The notification identifies any changes made to your license and describes any required actions.