From the Cortex XDR management console, you can manage your different network assets.
Cortex XDR provides a central location from which you can view and investigate information relating to assets in your network. Using your defined internal network configurations, Broker VM Network Mapper, Cortex XDR agent, EDR data collected from firewall logs, and logs from third-party vendors, Cortex XDR is able to aggregate and display a list of all the assets located within your network. As soon as Cortex XDR begins receiving network assets, you can view the data in → .
The following are some of the main features available to you on these pages.
When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.
Depending on the cell you’ve selected in the table, different right-click pivot menus are available, such as Open IP View and Open in Quick Launcher.
You can export the tables and respective asset views to a tab-separated values (TSV) file.
You can toggle between the Legacy View and Advanced View on the page. The Legacy View displays a list of all the assets located within your network according to their IP address., while the
Advanced View (default)—Includes the following features:
You can view the data in a table format by accessing the pages for All Assets and Specific Assets, including On-Prem Assets and Cloud Compute Instances.
The table columns provide newly structured data with updated filtering capabilities to improve your asset visibility.
When any row in a table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.
Depending on the cell you’ve selected in the table, different right-click pivot menus are available, such as Open IP View and Open in Quick Launcher.
You can export the tables and respective asset views to a tab-separated values (TSV) file.
To easily investigate your asset inventory using the Legacy View.
Select
→ .In the Page layout notification, toggle to the Legacy view.
Filter and review your assets.
By default, the Assets table is filtered according to unmanaged assets over the last 7 days. The following table describes both the default and optional fields in the table, and the network prerequisites required by Cortex XDR to retrieve the data.
Field
Description
Prerequisites
AGENT ID
The ID of the agent installed on the asset. Cortex XDR only displays agents that send EDR data captured in the firewall logs.
AGENT INSTALLED
Whether or not the asset has an agent installed.
AGENT VERSION
The version of the agent installed on the asset. Cortex XDR only displays agents that send EDR data captured in the firewall logs.
COLLECTOR RUNNING
Whether or not a Pathfinder Data Collector is currently running on the asset.
FIRST TIME SEEN
Timestamp of when the IP address was first seen in the logs.
HOST NAME
Host name of the asset, if available.
The asset requires at least one of the following.
An installed Cortex XDR agent
A running Cortex XDR collector
A Global Protect client 9.1 or a later release, configured to send HIP Match logs
Associated DHCP logs covering this asset are sent to Cortex XDR
IP ADDRESS
IP address related to the last asset associated with it.
LAST TIME SEEN
Timestamp of when the IP address was last seen in the logs.
MAC ADDRESS
Mac address of the asset.
The asset requires at least one of the following:
An installed Cortex XDR agent
A running Cortex XDR collector
For Mac endpoints, a Global Protect client 9.1 or a later release, configured to send HIP Match logs
Associated DHCP logs covering this asset are sent to Cortex XDR
MAC ADDRESS VENDOR
Vendor name of the Mac address of the asset.
The asset requires at least one of the following:
An installed Cortex XDR agent
A running Cortex XDR collector
For Mac endpoints, a Global Protect client 9.1 or a later release, configured to send HIP Match logs
Associated DHCP logs covering this asset are sent to Cortex XDR
PLATFORM
Platform running on the asset.
The asset requires at least one of the following:
An installed Cortex XDR agent
A running Cortex XDR collector
A Global Protect client 9.1 or a later release, configured to send HIP Match logs
RANGE NAMES
Name of the IP address range allocated to the IP address.
You can export your filtered results to a TSV file.