Cortex XDR Pro License

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2024-07-16
Last date published: 2024-12-04
Category: Administrator Guide
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Learn more about the Cortex XDR Pro license.

Cortex XDR Pro incorporates prevention, detection, security analytics, and response capabilities into a single platform. The Cortex Pro license is available in three license tiers, allowing you to select the most suitable detection and protection capabilities, log ingestion, retention, and number of users required. The license tiers can be used independently or together for more comprehensive coverage.

Each license tier offers the following investigation and response capabilities per endpoint:

  • Cortex XDR Pro per Endpoint

    A comprehensive endpoint protection solution providing multi-layer protection and detection based on the Cortex XDR Prevent license. Utilizing device control, firewall protection, disk encryption, and data collection capabilities, Cortex XDR Pro per Endpoint allows you to effectively block and respond to malware, ransomware, behavioral-based, and exploit attacks.

    The license offers tailored collection of endpoint data and third-party logs to optimize detection and investigation visibility. For enhanced data collection, the Cortex XDR eXtended Threat Hunting Data (XTH) add-on expands the data collection to allow for more granular threat-hunting operations in your environment.

  • Cortex XDR Cloud per Host

    A cloud-based endpoint protection and detection license with tailored collection of endpoint data and third-party logs. The license also provides Kubernetes support.

    Along with the Cortex XDR eXtended Threat Hunting Data (XTH) add-on, you can expand the data collection to allow for more granular threat-hunting operations in your environment.

  • Cortex XDR Pro per GB

    An innovative solution that incorporates data ingestion from multiple sources into an effective detection, security analytics, and response platform based on the Cortex XDR Pro per Endpoint license.

    With the Cortex XDR Pro per GB license, in addition to collecting endpoint data, you can ingest numerous data sources for complete visibility over your network traffic and user behavior. Applied together with the enhanced endpoint and third-party data ingestion of the Cortex XDR Pro per Endpoint license, the Cortex XDR Pro per GB license provides streamlined investigation techniques and extensive remediation analysis capabilities.

To expand your license capabilities, Cortex XDR offers several add-ons on top of the Cortex XDR Pro licenses that allow for more granular investigation.

The following table lists the add-ons available for purchase with each license type.

Note: Cortex XDR Cloud per Host offers the same license add-ons as Cortex XDR Pro per Endpoint.

Cortex XDR Pro Add-on Licenses (columns: Feature, Cortex Pro per Endpoint, Cortex Pro per GB)

  • Extended Threat Hunting Data (XTH)

    Cortex Pro per Endpoint: Advanced threat hunting based on extended data collection and analysis.

    Cortex Pro per GB: Not applicable

  • Host Insights

    Cortex Pro per Endpoint: Host Inventory, Vulnerability Assessment, and File Search and Destroy capabilities. Available for a one-month trial period.

    Cortex Pro per GB: Not applicable

  • Forensics

    Cortex Pro per Endpoint: Forensic File, Registry, and Log search capabilities. Available for a one-month trial period. Can be purchased as an annual or monthly add-on with 31-day retention included.

    Cortex Pro per GB: Not applicable

  • Identity Threat Detection and Response (ITDR)

    Cortex Pro per Endpoint: Enables Asset Roles Configuration, Advanced Analytics Alert layout, Risk Management Dashboard, User/Host Risk View, Designated Analytics for Compromised Accounts, and Insider Threat Coverage with embedded XTH capabilities. Available for a free trial period ending on July 31, 2023. After this date, the module will be available as an Add-on.

    Cortex Pro per GB: Not applicable

  • Compute Unit

    Additional compute units to run queries. Requires a minimum of 50 units. Available for a one-month trial period.

  • Endpoint Event Forwarding

    Not applicable

  • GB Event Forwarding

    Not applicable