Remote Attack Surface with Cortex XDR - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2024-03-26
End_of_Life: EoL
Category: User Guide
Abstract

Cortex Xpanse can ingest endpoint data from Cortex XDR to provide a consolidated view of your remote attack surface.

The Cortex XDR Agent can be installed on workstations, servers, cloud instances, and mobile devices. Cortex Xpanse ingests this data for all devices that have a public IP address and have communicated with the Cortex XDR server in the last 48 hours to identify remote workforce devices associated with your organization. Cortex Xpanse displays all of the networks that your Cortex XDR devices are connected to and categorizes each network as either Remote (if the network’s IP address does not overlap with your organization’s asset map) or Corporate (if the network IP address overlaps with your organization's asset map). Cortex Xpanse also enables you to drill down into each network to see the list of individual devices using that network.
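The Remote/Corporate categorization described above can be reproduced on an endpoint export to sanity-check what the console shows. The following is an added example, not Cortex Xpanse code: the record fields (`host`, `ip`, `last_seen`), the CIDR-list form of the asset map, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Ranges treated as non-public. An explicit list is used instead of
# ip.is_global so the documentation ranges in the sample data count as public.
NON_PUBLIC = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
CHECKIN_WINDOW = timedelta(hours=48)  # check-in window stated in the guide


def classify_networks(endpoints, asset_map, now):
    """Return {public_ip: {"category": "Remote"|"Corporate", "devices": [...]}}."""
    corp = [ip_network(c) for c in asset_map]
    networks = defaultdict(lambda: {"category": None, "devices": []})
    for ep in endpoints:
        ip = ip_address(ep["ip"])
        if any(ip in n for n in NON_PUBLIC):
            continue  # device has no public IP address
        if now - ep["last_seen"] > CHECKIN_WINDOW:
            continue  # no communication in the last 48 hours
        entry = networks[str(ip)]
        # Overlap with the asset map means Corporate, otherwise Remote.
        entry["category"] = "Corporate" if any(ip in c for c in corp) else "Remote"
        entry["devices"].append(ep["host"])
    return dict(networks)


# Constructed sample data (hypothetical hosts, documentation IP ranges).
NOW = datetime(2024, 3, 26, 12, 0, tzinfo=timezone.utc)
ASSET_MAP = ["198.51.100.0/24"]
ENDPOINTS = [
    {"host": "laptop-01", "ip": "203.0.113.7", "last_seen": NOW - timedelta(hours=2)},
    {"host": "laptop-02", "ip": "203.0.113.7", "last_seen": NOW - timedelta(hours=30)},
    {"host": "srv-01", "ip": "198.51.100.20", "last_seen": NOW - timedelta(hours=1)},
    {"host": "laptop-03", "ip": "192.168.1.15", "last_seen": NOW - timedelta(hours=1)},
    {"host": "laptop-04", "ip": "203.0.113.99", "last_seen": NOW - timedelta(hours=72)},
]

if __name__ == "__main__":
    for net, info in classify_networks(ENDPOINTS, ASSET_MAP, NOW).items():
        print(net, info["category"], info["devices"])
```
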

Cortex Xpanse cross references Cortex XDR endpoint data with its own global scan data to identify issues and services running on the networks where employees are located. This functionality enables you to view the risky Services and Issues associated with your remote worker networks and devices. Security risks identified by Cortex Xpanse on your remote networks can be remediated directly on the device via Cortex XDR or via network configuration.