Plan Your Deployment

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-05-22
Last date published: 2023-05-22
Category: Administrator Guide

Before you get started with Cortex XDR, plan your deployment.

Deployment Type

Deployment Considerations

New Cortex XDR tenants

  • Determine the amount of log storage you need for your Cortex XDR deployment. Talk to your Partner or Sales Representative to determine whether you must purchase additional storage within the Cortex XDR tenant.

  • Determine the region in which you want to host Cortex XDR and any associated services, such as Directory Sync Service.

    Note

    If you plan to stream data from a Cortex Data Lake instance, it must be in the same region as Cortex XDR.

    • US—All Cortex XDR logs and data remain within the US boundary.

    • UK—All Cortex XDR logs and data remain within the UK boundary.

    • EU—All Cortex XDR logs and data remain within the Europe boundary.

    • SG—All Cortex XDR logs and data remain within the Singapore boundary.

    • JP—All Cortex XDR logs and data remain within the Japan boundary.

    • CA—All Cortex XDR logs and data remain within the Canada boundary. However, if you have a WildFire Canada cloud subscription, consider the following:

      • You cannot send file submissions for bare-metal analysis.

      • You will not be protected against macOS-borne zero-day threats. However, you will receive protection against other macOS malware in regular WildFire updates.

      • You will not be able to see file submissions in AutoFocus.

    • AU—All Cortex XDR logs and data remain within the Australia boundary.

    • DE—All Cortex XDR logs and data remain within the Germany boundary.

    • IN—All Cortex XDR logs and data remain within the India boundary. However, if you have a WildFire India cloud subscription, consider the following:

      • When the Cortex XDR agent identifies unknown files, Cortex XDR sends the files to the WildFire Singapore Cloud for analysis. Starting October 2021, Cortex XDR will integrate with WildFire located in India to allow you to keep all Cortex XDR Agent WildFire traffic within the Indian boundary.

      Note

      After the migration, the WildFire India portal will not display information for events that occurred prior to the transition to the new India cloud location. However, you will still have access to the WildFire Singapore portal to view the history. In addition, all information regarding the calculated verdicts, such as the WildFire verdict and WildFire report, will be available in the Cortex XDR portal.

    • CH—All Cortex XDR logs and data remain within the Switzerland boundary.

    • PL—All Cortex XDR logs and data remain within the Poland boundary.

  • (Cortex XDR Pro per Endpoint license only) Calculate the bandwidth required to support the number of agents you plan to deploy. You need 1.2 Mbps of bandwidth for every 1,000 agents. The bandwidth requirement scales linearly; for example, to support 100,000 agents, you need to allocate 120 Mbps of bandwidth.

When you are ready to get started with a new tenant, Activate.

Migration from the Traps Endpoint Security Manager

  • Review to determine if upgrading is right for you.

Cortex XDR Public Key

Download Cortex XDR Public Key