Configure Your Network Parameters - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-10-31
Last date published
2024-02-25
Category
Administrator Guide
Abstract

Define the IP address ranges and domain names used byCortex XDR to identify your network assets.

To track and identify assets in your network, you need to define your internal IP address ranges and domain names to enable Cortex XDR to analyze, locate, and display assets.

Define IP Address Ranges
  1. In Cortex XDR , select AssetsNetwork ConfigurationIP Address Ranges.

  2. Define an IP Address Range.

    By default, Cortex XDR creates Private Network ranges that specify reserved industry approved ranges. Private Network ranges are marked with a assets-private-network.png icon and can only have the name edited.

    To Add New Range select either.

    • Create New

      • In the Create IP Address Rage pop-up, enter the IP address Name and IP Address Range or CIDR values.

        Note

        You can add a range which is fully contained in an existing range, however you cannot add a new range which partially intersect with another range.

        The range names you define will appear when investigating the network related events within the Cortex XDR console.

      • Save your definitions.

    • Upload from File

      • In the Upload IP Address Ranges pop-up, drag and drop or search for a CSV file listing the IP address ranges. Download example file to view the correct format.

      • Add your list of IP address ranges.

  3. Review your IP address ranges.

    After you named and defined your IP address ranges, review the following information:

    The IP Address Ranges table displays the following fields:

    • Range Name—Name of the IP address range you define.

    • First IP Address—First IP address value of the defined range.

    • Last IP Address—Last IP address value of the defined range.

    • Active Assets—Number of assets located within the defined range that are have reported Cortex XDR Agent logs or appeared in your Network Firewall Logs.

    • Active Manged Assets—Number of assets located within the defined range that are reported Cortex XDR Agent logs.

    • Modified By—User name of user who last changed the range.

    • Modification Time—Timestamp of when this range was last changed.

  4. Manage your IP address ranges.

    In the IP Address Ranges table, locate your range and select:

    • Edit range—Edit the IP address configurations. Changes made will effect the Broker VM Network Mapper. For more information, see Activate the Network Mapper .

    • Delete range—Delete the IP address range.

Define Domain Names
  1. In Cortex XDR , select AssetsNetwork ConfigurationInternal Domain Suffixes.

  2. In the Internal Domain Suffixes section, +Add the domain suffix you want to include as part of your internal network. For example, acme.com.

  3. Select network-mapper-enter.png to add to the Domains List.