Introduction to Cortex Xpanse

Cortex Xpanse Expander User Guide


Cortex Xpanse is a cloud-based attack surface management (ASM) platform that collects and correlates information about every device and service connected to the public internet.

Cortex Xpanse helps you discover and manage your public attack surface, providing visibility into all your digital assets, including on-prem and cloud assets. It also helps you identify and remediate vulnerabilities, enforce compliance policies, and reduce the risk of cyberattacks.

Expander is the Cortex Xpanse web application and API that discovers, monitors, and tracks your global Internet attack surface, identifying new, existing, and unknown assets, and actively helping you reduce your exposure to attackers.

Expander's secure, open APIs support integrations to various third-party systems, including single sign-on (SSO) platforms. Expander also supports an asset ingest model upon which we can build connectors to various systems. With these connectors, asset information can flow into the Expander platform and be processed alongside all other asset data.

Cortex Xpanse Expander provides the following key features that enable organizations to track and secure their internet-facing assets and infrastructure.

  • Asset Inventory—Cortex Xpanse provides a searchable, filterable view of all the assets that have been attributed to your organization by Cortex Xpanse, including IP ranges, certificates, domains, cloud resources, websites, and services.

  • Dashboards and Reports—Cortex Xpanse provides out-of-the-box, as well as customizable, dashboards and reports on the current and historical state of your organization's inventory, services, and incidents. This reporting delivers insight into trends and helps leaders identify key topics and business units to focus on to improve the security posture of the organization.

  • Rules—Cortex Xpanse provides 800+ policies and hundreds of vulnerability tests (as part of the Attack Surface Testing add-on module) to identify actionable risky and vulnerable assets and confirm exploitability.

  • Incident Response—Cortex Xpanse generates incidents and alerts based on a flexible attack surface rules engine that identifies security and configuration risks within your organization's assets and services. It provides a workflow in which analysts can investigate and prioritize outstanding problems, track their efforts to remediate them, and independently confirm they have been corrected. The Threat Response Center is also available to track emerging internet emergencies, including zero-day CVEs.

  • Active Response—The Cortex Xpanse Active Response add-on module automates the alert investigation, notification, and remediation workflow using curated, out-of-the-box playbooks that run whenever a new attack surface alert is created.