Activate the Network Mapper - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide
Product
Cortex XDR
License
Pro
Creation date
2023-03-22
Last date published
2023-09-21
Category
Administrator Guide

After you have configured and registered your Broker VM, you can choose to activate the Network Mapper application.

The Network Mapper allows you to scan your network to detect and identify unmanaged hosts in your environment according to defined IP address ranges. The Network Mapper configurations are used to locate unmanaged assets that appear in the Assets table.

Note

Activating the Network Mapper requires a Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB license.

  1. Select SettingsConfigurationsData BrokerBroker VMs.

  2. In either the Brokers tab or the Clusters tab, locate your Broker VM.

  3. You can either right-click the Broker VM and select Add AppNetwork Mapper, or hover in the APPS column, and select AddNetwork Mapper.

  4. In the Activate Network Mapper window, define the following parameters:

    • Scan Method—Select the either ICMP echo or TCP SYN scan method to identify your network hosts. When selecting TCP SYN you can enter single ports and ranges together, for example 80-83, 443.

    • Scan Requests per Second—Define the maximum number of scan requests you want to send on your network per second. By default, the number of scan requests are defined as 1000.

      Note

      Each IP address range can receive multiple scan requests based on it's availability.

    • Scanning Scheduler—Define when you want to run the network mapper scan. You can select either daily, weekly, or monthly at a specific time.

    • Scanned Ranges—Select from the list of exiting IP address ranges to scan. Make sure to network-mapper-enter.png after each selection.

      Note

      IP address ranges are displayed according to what you defined as your Network Parameters.Configure Your Network Parameters

  5. Activate the applet.

    After a successful activation, the APPS field displays Network Mapper with a green dot indicating a successful connection.

  6. In the APPS field, hover over the Network Mapper connection to view the following scan and applet metrics:

    • Scan Details

      • Connectivity Status—Whether the applet is connected to Cortex XDR .

      • Scan Status—State of the scan.

      • Scan Start Time—Timestamp of when the scan started.

      • Scan Duration—Period of time in minutes and seconds the scan is running.

      • Scan Progress—How much of the scan has been completed in percentage and IP address ratio.

      • Detected Hosts—Number of hosts identified from within the IP address ranges.

      • Scan Rate—Number of IP addresses scanned per second.

    • Applet Metrics

      • Resources—Displays the amount of CPU, Memory, and Disk space the applet is using.

  7. Manage the Network Mapper.

    After the network mapper has been activated, hover over the Network Mapper connection in the APPS column to display the Network Mapper settings, and select:

    • Configure to redefine the network mapper configurations.

    • Scan Now to initiate a scan.

    • Deactivate to disable the network mapper.