Cortex XDR Pro incorporates prevention, detection, security analytics, and response capabilities into a single platform. The Cortex Pro license is available in three license tiers allowing you to select the most suitable detection and protection capabilities, log ingestion, retention, and the number of users required. The license tiers can be used independently or together for more comprehensive coverage.
Each license tier offers the following investigation and response capabilities per endpoint:
Cortex XDR Pro per Endpoint
A comprehensive endpoint protection solution providing multi-layer protection and detection based on the Cortex XDR Prevent license. Utilizing device control, firewall protection, disk encryption, and data collection capabilities, Cortex XDR Pro per Endpoint allows you to effectively block and respond to malware, ransomware, behavioral-based, and exploit attacks.
The license offers tailored collection of endpoint data and third-party logs to optimize detection and investigation visibility. For enhanced data collection, the Cortex XDR eXtended Threat Hunting Data (XTH) add-on expands the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Cloud per Host
A cloud-based endpoint protection and detection license with tailored collection of endpoint data and third-party logs. The license also provides Kubernetes support.
With the Cortex XDR eXtended Threat Hunting Data (XTH) add-on, you can expand the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Pro per GB
An innovative solution that incorporates data ingestion from multiple sources into an effective detection, security analytics, and response platform, based on the Cortex XDR Pro per Endpoint license.
With the Cortex XDR Pro per GB license, in addition to collecting endpoint data, you can ingest numerous data sources for complete visibility over your network traffic and user behavior. Applied together with the enhanced endpoint and third-party data ingestion of the Cortex XDR Pro per Endpoint license, the Cortex XDR Pro per GB license provides streamlined investigation techniques and extensive remediation analysis capabilities.
To expand your license capabilities, Cortex XDR offers several add-ons on top of the Cortex XDR Pro licenses that allow for more granular investigation.
The following table lists the add-ons available for purchase with each license type.
Cortex XDR Cloud per Host offers the same license add-ons as Cortex XDR Pro per Endpoint.
Cortex Pro per Endpoint
Cortex Pro per GB
Cortex XDR Pro Add-on Licenses
Extended Threat Hunting Data (XTH)
Advanced threat hunting based on extended data collection and analysis.
Host Inventory, Vulnerability Assessment, and File Search and Destroy capabilities.
Available for a one-month trial period.
Forensic File, Registry, and Log search capabilities.
Available for a one-month trial period. Can be purchased as an annual or monthly add-on with 30-day retention included.
Identity Threat Detection and Response (ITDR)
Enables Asset Roles Configuration, Advanced Analytics Alert layout, Risk Management Dashboard, User/Host Risk View, Designated Analytics for Compromised Accounts, and Insider Threat Coverage with embedded XTH capabilities.
Available for a free trial period ending on July 31, 2023. After this date, the module will be available as an add-on.
Additional compute units to run queries.
Requires a minimum of 50 units. Available for a one-month trial period.
Endpoint Event Forwarding
GB Event Forwarding