After you have configured and registered your Broker VM, activate the Pathfinder application.
Note
To activate Pathfinder, you must have a Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB license.
The Pathfinder applet isn't supported when configuring Broker VMs in high availability (HA) clusters.
Pathfinder is a highly recommended, but optional, component integrated with the Broker VM that deploys a non-persistent data collector on network hosts, servers, and workstations that are not managed by a Cortex XDR agent. The collector is triggered automatically by Analytics-type alerts with a severity of High or Medium, as described in the Cortex XDR Analytics Reference Guide, providing insights into assets that you would otherwise be unable to scan.
When an alert is triggered, the data collector is able to run for up to 2 weeks gathering EDR data from unmanaged hosts. You can track and manage the collector directly from the Cortex XDR console, and investigate the EDR data by running a query from the Query Center.
Prerequisites
Before activating Pathfinder, review and implement the applicable prerequisites:
Cortex XDR supports activating Pathfinder on Windows operating systems with PowerShell version 3 and above, excluding Vanilla Windows 7. Verify these requirements wherever you want to activate Pathfinder.
Your network must be configured with your internal IP address ranges, because a Pathfinder configuration must contain at least one IP address range in order to run. To avoid collisions, an IP address range can be associated with only one Pathfinder applet. For more information on configuring your network with an IP address range, see Configure Your Network Parameters.
When using Kerberos as the Authentication Method for the Pathfinder Credentials, confirm that you have a reverse DNS zone and reverse DNS records on your DNS server.
Verify connectivity between all your networks.
The Broker VM requires a Service Account (SA) that has administrator privileges on all Windows workstations and servers in your environment. Because compromise of this account exposes every host it can administer, Cortex XDR recommends that you limit the number of users granted access to the SA account.
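The following readiness script is an added example and not part of the Cortex XDR documentation or product; run it on a Windows host where Pathfinder will be activated to check the prerequisites above. The peer IP addresses are a constructed sample and should be replaced with hosts inside your configured IP address ranges.

```powershell
# Added example (not Cortex XDR code): checks a Windows host against the
# Pathfinder prerequisites listed above. The default peer addresses are a
# constructed sample; pass hosts from your configured IP ranges instead.
param(
    [string[]]$PeerAddresses = @('10.0.0.10', '10.0.0.11')
)

$checks = New-Object System.Collections.Generic.List[object]

function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $script:checks.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# Prerequisite: PowerShell version 3 or later on the host.
$psVersion = $PSVersionTable.PSVersion
Add-Check 'PowerShell >= 3' ($psVersion.Major -ge 3) "found $psVersion"

# Prerequisite: a Windows host, excluding vanilla Windows 7 (NT 6.1). Any 6.1 host
# is flagged so an administrator can confirm its patch level by hand.
$osVersion = [System.Environment]::OSVersion
Add-Check 'Windows OS' ($osVersion.Platform -eq 'Win32NT') "platform $($osVersion.Platform)"
$isWin7 = ($osVersion.Version.Major -eq 6 -and $osVersion.Version.Minor -eq 1)
Add-Check 'Not Windows 7 (6.1)' (-not $isWin7) "NT $($osVersion.Version)"

# Prerequisites per peer host: network reachability, and a reverse DNS (PTR)
# record, which Kerberos authentication for the Pathfinder credentials relies on.
foreach ($ip in $PeerAddresses) {
    $reachable = Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue
    Add-Check "Reachable: $ip" ([bool]$reachable) 'ICMP echo request'
    try {
        # GetHostEntry on an IP performs the reverse lookup; a missing PTR record
        # either throws or returns the bare IP as the host name.
        $ptr = [System.Net.Dns]::GetHostEntry($ip).HostName
        Add-Check "Reverse DNS: $ip" ($ptr -ne $ip) "resolves to $ptr"
    } catch {
        Add-Check "Reverse DNS: $ip" $false $_.Exception.Message
    }
}

$checks | Format-Table -AutoSize
# Non-zero exit code if any prerequisite failed, for use in automation.
if ($checks | Where-Object { -not $_.Passed }) { exit 1 }
```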