This section describes the new features and updates of the Cortex XDR 3.9 and Cortex XDR Agent 8.3 releases.
The Cortex XDR 3.9 and Agent 8.3 releases include the following highlights:
Feature | Description |
---|---|
On-write protection module | Cortex XDR has expanded its machine learning (ML) based security capabilities to include on-write protection for Windows, which includes WildFire and local analysis. |
UEFI protection module | Cortex XDR has expanded its malware protection capabilities by adding the UEFI protection module, which reinforces and provides coverage against pre-boot attacks. |
Limit access to Cortex XDR API | Limit Cortex XDR API access to a specific IP address or IP range by adding it to an Allow list. This ensures better data security and control while facilitating integration with third-party systems and applications. |
The Cortex XDR 3.9 and Cortex XDR Agent 8.3 releases include the following enhancements:
General
Feature | Description |
---|---|
Augmenting VA insights in Host Card | The Host Card under Asset Scores now includes additional Vulnerability Assessment (VA) insights. This enhancement provides a detailed and high-level view of the Common Vulnerabilities and Exposures (CVE) sorted by severity, enabling you to quickly understand and prioritize security threats on each endpoint. The CVE breakdown is included only when Host Insights and Identity Threat Module licenses are activated. |
New cloud-related attributes for security events and agent status | Cortex XDR has added cloud-related attributes to security events and agent status to convey essential information. |
New Widgets in the Identity Threat Module (Requires the Identity Threat Module add-on) | The User Risk View in the Identity Threat Module now contains two new widgets that provide more insight into the provenance of the user. |
Analytics Tags Highlights | Cortex XDR has updated the detectors inventory, introducing new analytics into both new and existing tags. |
XDR Collectors
Windows 1.4.1.1100 and Linux 1.4.1.1089
For more information on maintenance releases, see Maintenance Releases.
Feature | Description |
---|---|
XDR Collectors 1.4.1 | This release includes performance improvements and bug fixes. |
Broker VM
Version 22.0.32
For more information on maintenance releases, see Maintenance Releases.
Feature | Description |
---|---|
Broker VM 22.0.32 | This release includes performance improvements and bug fixes. |
External Data Ingestion and Management
Feature | Description |
---|---|
Retention licenses support 31-day period | Cortex XDR retention license add-ons now support a 31-day period per license SKU purchased, instead of the 30 days provided previously. This ensures full 365-day coverage. |
Cortex Query Language (XQL)
Feature | Description |
---|---|
New field added to (Requires a Cortex XDR Pro license) | Cortex XDR now includes a new field called |
The Cortex XDR 3.9 and Cortex XDR Agent 8.3 releases include the following changes to existing functionality:
Component | Area | Description |
---|---|---|
APPS column of Broker VMs page | Broker VM | Cortex XDR has replaced the hovering action in the APPS column of the Broker VMs page with a left-click action to display the Broker VM applet settings and to Add a new Broker VM applet. |
target stage | XQL | Cortex Query Language (XQL) now supports defining a |
Endpoints table, Last Certificate Enforcement Fallback column; Agent Settings profile | Certificate enforcement for Windows and macOS endpoints | To improve security, the Cortex XDR agent now ensures the use of a provided certificate, without using the local fallback store (enforcing use of the provided trusted root CA file). There are three modes of operation, set in the Agent Settings profile. Disabled (Notify) is the default for existing tenants; new tenants will have the Enabled configuration by default. |