Set up Endpoint Protection - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

Learn more about setting up your endpoint protection.

The Cortex XDR agent monitors endpoint activity and collects endpoint data that Cortex XDR uses to raise alerts. Before you can begin collecting endpoint data, you must enable access, deploy the Cortex XDR agent, and configure endpoint policy. To use endpoint management functions in Cortex XDR you must be assigned an administrative role in the hub.

  1. Verify the status of your Cortex XDR tenant.

    1. From the hub, click the gear icon next to your name.

    2. In the Cortex area, review the STATUS for the tenant you just activated.

      When your Cortex XDR tenant is available, the status changes to the green check mark.

  2. Plan Your Agent Deployment.

  3. Setup Access Services.

  4. Create an Agent Installation Package.

  5. Define Endpoint Groups.

  6. (Optional) Set up Proxy Communication.

  7. Customize your Endpoint Security Profiles and assign them to your endpoints.

  8. (Optional) Configure Device Control profiles to restrict access to USB-connected devices.

  9. Install the Cortex XDR agent on your endpoints.

    Install the agent software directly on an endpoint or use a software deployment tool of your choice (such as JAMF or GPO) to distribute and install the software on multiple endpoints.

  10. Verify that the Cortex XDR agent can connect to your Cortex XDR instance.

    If successful, Cortex XDR displays a Connected status. In your Cortex XDR console, navigate to EndpointsAll Endpoints to view the status of all your agents.