Endpoints Table - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-07-16
Last date published
2024-12-12
Category
Administrator Guide
Abstract

You can view details and an overview of all your endpoints.

The Endpoints → All Endpoints page provides a central location from which you can view and manage the endpoints on which the agent is installed.

To ensure the All Endpoints table displays the most useful list of endpoints, you can perform a one-time or periodic cleanup that removes duplicated entities of the same endpoint from the table. After the cleanup, only one entry remains for each endpoint: the last endpoint to connect with the server. Deleted endpoint data is retained for 90 days from the last connection timestamp. If a deleted endpoint reconnects, Cortex XDR recovers and redisplays the endpoint’s existing data.

Navigate to Settings → Configurations → General → Agent Configurations → Endpoint Administration Cleanup. Enable Periodic duplicate cleanup, then either run a one-time cleanup or define a cleanup that runs according to the Host Name, Host IP Address, and/or MAC Address fields every 6 hours, 12 hours, 1 day, or 7 days.
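An added sketch, not Cortex XDR code, for previewing on an exported endpoint list which entries a duplicate cleanup would keep and which it would remove before you enable it. The row keys, the sample data, and the rule that all selected fields must match are assumptions; the 90-day retention and keep-the-last-connection behavior come from the text above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# From the page: deleted endpoint data is kept 90 days after the last connection.
RETENTION = timedelta(days=90)

# Constructed sample rows. The key names are hypothetical, not a Cortex XDR export schema.
SAMPLE = [
    {"endpoint_id": "a1", "host_name": "WS-014", "ip": "10.0.4.21", "mac": "00:50:56:aa:01:01", "last_seen": "2024-11-02T08:15:00"},
    {"endpoint_id": "a2", "host_name": "ws-014", "ip": "10.0.4.57", "mac": "00:50:56:aa:01:01", "last_seen": "2024-12-01T09:30:00"},
    {"endpoint_id": "b1", "host_name": "SRV-DB2", "ip": "10.0.8.5", "mac": "00:50:56:aa:02:02", "last_seen": "2024-12-05T12:00:00"},
    {"endpoint_id": "c1", "host_name": "VDI-POOL", "ip": "10.0.9.10", "mac": "00:50:56:aa:03:03", "last_seen": "2024-10-01T00:00:00"},
    {"endpoint_id": "c2", "host_name": "VDI-POOL", "ip": "10.0.9.11", "mac": "00:50:56:aa:04:04", "last_seen": "2024-12-10T00:00:00"},
]


def preview_cleanup(rows, match_on=("host_name",)):
    """Return (kept, removed) for a cleanup keyed on the fields in match_on.

    Within each group of rows that agree on every selected field, the row with
    the newest last_seen is kept. Each removed row gains data_retained_until,
    its last connection plus the 90-day retention window.
    """
    groups = defaultdict(list)
    for row in rows:
        # Assumption: values compare case-insensitively and ALL selected fields must match.
        key = tuple(row[field].strip().lower() for field in match_on)
        groups[key].append(row)

    kept, removed = [], []
    for members in groups.values():
        members.sort(key=lambda r: datetime.fromisoformat(r["last_seen"]), reverse=True)
        kept.append(members[0])
        for old in members[1:]:
            until = datetime.fromisoformat(old["last_seen"]) + RETENTION
            removed.append({**old, "data_retained_until": until.isoformat()})
    return kept, removed


if __name__ == "__main__":
    for fields in (("host_name",), ("host_name", "mac")):
        _, removed = preview_cleanup(SAMPLE, fields)
        print(fields, [(r["endpoint_id"], r["data_retained_until"]) for r in removed])
```

In the sample, matching on host name alone collapses the two distinct VDI-POOL machines into one entry, while adding the MAC address keeps both and still removes the stale WS-014 record.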

To investigate a single endpoint, right-click it, select Endpoint Data, and open the Asset view.

Manage Endpoints

The right-click pivot menu that is available for each endpoint displays the actions you can perform. The following table describes the list of actions you can perform on your endpoints.

Field

Action

Endpoint Control

  • Open in interactive mode

  • Perform Heartbeat

  • Change Endpoint Alias

  • Upgrade Agent Version

    Warning

    You cannot upgrade VDI endpoints.

  • Retrieve Support File

  • Collect Detailed Host Firewall Logs

  • Triage Endpoint

  • Set Endpoint Proxy

  • Uninstall Agent

  • Delete Endpoint

  • Disable Capabilities (Live Terminal, Script Execution, and File Retrieval)

  • Include / Exclude endpoints from auto upgrade

  • Clear the Agent database

    Available only when using debugging mode (Alt+Right-Click)

  • Assign and Remove endpoint tags

  • Send Push Notification (iOS App)

  • Manage Agent Tokens

Security Operations

Endpoint Data

  • Open Asset View

  • View Incidents (in same tab or new tab)

  • View Endpoint Policy

  • View Actions

  • View Endpoint Logs

View Endpoint Data

The following table describes both the default and additional optional fields that you can view in the All Endpoints table and lists. Clicking on a row in the All Endpoints table opens a detailed view of the endpoint.