Learn more about the Cortex XDR Pro license.
Cortex XDR Pro incorporates prevention, detection, security analytics, and response capabilities into a single platform. The Cortex Pro license is available in three license tiers, allowing you to select the most suitable detection and protection capabilities, log ingestion, retention, and the number of users required. The license tiers can be used independently or together for more comprehensive coverage.
Each license tier offers the following investigation and response capabilities per endpoint:
Cortex XDR Pro per Endpoint
A comprehensive endpoint protection solution providing multi-layer protection and detection based on the Cortex XDR Prevent license. Utilizing device control, firewall protection, disk encryption, and data collection capabilities, Cortex XDR Pro per Endpoint allows you to effectively block and respond to malware, ransomware, behavioral-based, and exploit attacks.
The license offers tailored collection of endpoint data and third-party logs to optimize detection and investigation visibility. For enhanced data collection, the Cortex XDR eXtended Threat Hunting Data (XTH) add-on expands the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Cloud per Host
A cloud-based endpoint protection and detection license with tailored collection of endpoint data and third-party logs. The license also provides Kubernetes support.
Along with the Cortex XDR eXtended Threat Hunting Data (XTH) add-on, you can expand the data collection to allow for more granular threat-hunting operations in your environment.
Cortex XDR Pro per GB
An innovative solution incorporating data ingestion from multiple sources for an effective detection, security analytics, and response platform based on the Cortex XDR Pro per Endpoint license.
With the Cortex XDR Pro per GB license, in addition to collecting endpoint data, you can ingest numerous data sources for complete visibility over your network traffic and user behavior. Applied together with the Cortex XDR Pro per Endpoint license and the enhanced endpoint and third-party data ingestion, the Cortex XDR Pro per GB license provides streamlined investigation techniques and extensive remediation analysis capabilities.
To expand your license capabilities, Cortex XDR offers several add-ons on top of the Cortex XDR Pro licenses that allow for more granular investigation.
The following table lists the add-ons available for purchase with each license type.
Note
Cortex XDR Cloud per Host offers the same license add-ons as Cortex XDR Pro per Endpoint.
Feature | Cortex Pro per Endpoint | Cortex Pro per GB |
---|---|---|
Cortex XDR Pro Add-on Licenses | | |
Extended Threat Hunting Data (XTH): Advanced threat hunting based on extended data collection and analysis. | ✓ | Not applicable |
Host Insights: Host Inventory, Vulnerability Assessment, and File Search and Destroy capabilities. Available for a one-month trial period. | ✓ | Not applicable |
Forensics: Forensic File, Registry, and Log search capabilities. Available for a one-month trial period. Can be purchased as an annual or monthly add-on with 31-day retention included. | ✓ | Not applicable |
Identity Threat Detection and Response (ITDR): Enables Asset Roles Configuration, Advanced Analytics Alert layout, Risk Management Dashboard, User/Host Risk View, Designated Analytics for Compromised Accounts, and Insider Threat Coverage with embedded XTH capabilities. Available for a free trial period ending on July 31, 2023. After this date, the module will be available as an Add-on. | Not applicable | ✓ |
Compute Unit: Additional compute units to run queries. Requires a minimum of 50 units. Available for a one-month trial period. | ✓ | ✓ |
Endpoint Event Forwarding | ✓ | Not applicable |
GB Event Forwarding | Not applicable | ✓ |