XDR Collectors - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Learn how XDR Collectors can be used for on-premise data collection on Windows and Linux machines.

Notice

Ingesting logs and data requires a Cortex XDR Pro per GB license.

Note

Ingestion of logs larger than 5 MB is not supported.

Cortex XDR provides an XDR Collectors (XDRC) configuration dedicated to on-premise data collection on Windows and Linux machines. The XDRC includes a dedicated installer, a collector upgrade configuration, content updates, and policy management. The XDRC is a data collector that gathers and processes logs and events from multiple sources. It leverages Elasticsearch Filebeat, a lightweight log shipper, to collect log data from various systems and applications, and Winlogbeat to gather Windows event logs, giving comprehensive visibility into Windows environments. Together these components feed centralized analysis, threat detection, and investigation across the Cortex XDR ecosystem.