Understand Cortex XDR license plans

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Learn more about the available Cortex XDR licenses and add-ons.

The following provides a summary of what is included in the Cortex XDR license plans and add-ons:

  • Cortex XDR Prevent: A comprehensive endpoint protection solution providing multi-layer protection and detection capabilities. Cortex XDR Prevent can effectively block malware, ransomware, behavior-based attacks, and exploit attacks. Additionally, this license includes device control, firewall protection, and disk encryption.

  • Cortex XDR Pro per Endpoint: This license offers tailored collection of endpoint data and third-party logs to optimize detection and investigation visibility. For enhanced data collection, the Cortex XDR eXtended Threat Hunting Data (XTH) add-on expands the data collection to allow for more granular threat-hunting operations in your environment.

  • Cortex XDR Cloud per Host: A cloud-based endpoint protection and detection license with tailored collection of endpoint data and third-party logs. The license also provides Kubernetes support.

    Along with the Cortex XDR eXtended Threat Hunting Data (XTH) add-on, you can expand the data collection to allow for more granular threat-hunting operations in your environment.

  • Cortex XDR Pro per GB: Collects endpoint data and can ingest numerous data sources for complete visibility over your network traffic and user behavior. When combined with the Cortex XDR Pro per Endpoint license, the Cortex XDR Pro per GB license provides streamlined investigation techniques and extensive remediation analysis capabilities.

Add-ons

Cortex XDR Prevent

Cortex XDR Pro per Endpoint

Cortex XDR Cloud per Host

Cortex XDR Pro per Gigabyte

Next-Generation Antivirus

Block malware, ransomware, exploits, and fileless attacks

–

Endpoint Protection

Safeguard endpoints with device control, firewall, and disk encryption

–

Detection and Response

Pinpoint attacks with AI-driven analytics and coordinate response

–

Managed Detection and Response

Let Unit 42 experts work for you 24/7 to detect and respond to threats

–

Managed Threat Hunting

Let Unit 42 experts work for you 24/7 to discover advanced threats

–

Host Insights

Find vulnerabilities and sweep across endpoints to eradicate threats

–

–

Forensics Investigation

Investigate incidents swiftly with comprehensive forensics evidence

–

–

Third-Party Security Events

Send security events from other data sources

–

Third-Party Security Logs

Send raw logs from other data sources

–

–

Network Traffic Analysis

Syslog, Kafka, DB, CSV file, FTP, NetFlow, Windows events, Pathfinder

–

–

Prisma and PANW IoT Security

Unify cloud and/or control system environments with XDR

–

–

Integrations

Threat intelligence solutions, Slack, send Syslog

Security Analytics

Apply machine learning and UEBA detections to security data

–

Identity Threat Detection and Response (ITDR Module)

Uncover hard-to-detect threats like insiders, lateral movement, credential compromise

–

–

eXtended Threat Hunting Data (XTHD Module)

Collect rich data at the endpoint to support deep threat-hunting operations in an environment

–

–

To view the license types and add-ons associated with your Cortex XDR instance, go to Settings → Cortex XDR License.

To keep you informed of updates made to your license and avoid service disruptions, Cortex XDR displays license notifications when you log in. The notification identifies any changes made to your license and describes any required actions.