Cortex XDR Agent for Cloud - Administrator Guide

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-06-20
Category: Administrator Guide
Abstract

Cortex XDR Agent for Cloud (CSA) is an expanded version of the Cortex XDR Agent that augments Cortex's runtime security and threat protection with Prisma Cloud's powerful vulnerability and security compliance management capabilities to deliver a complete Cloud Detection and Response solution.

The Prisma Cloud vulnerability and compliance scanner is integrated into the Cortex XDR agent, providing a single unified agent that delivers runtime security together with vulnerability and compliance scanning. To use this functionality, you need a Cloud for Host license, and your Cortex XDR tenant must be paired with a Prisma Cloud Compute tenant. Pairing is done with a one-time encoded pairing key, either on the Prisma tenant or on the Cortex XDR tenant. Then create an Agent Settings Profile with Active Vulnerability Analysis set to enabled and add it to the Endpoint Policy.

Vulnerability and compliance scanning is executed by the Cortex XDR agent. It is triggered either by the schedule defined in the Agent Settings Profile or when the Cortex XDR agent detects a new asset, such as an image or a container.

Cortex XDR agents with Active Vulnerability Analysis enabled send all their data to the Cortex XDR server. The Prisma-related data found by the Prisma scanner (vulnerability and compliance results), together with any Cortex security alerts, is then forwarded at the server level to the Prisma tenant and is displayed only in the corresponding Prisma console screens.

Scanner Result Distribution:

  • Cortex XDR security alerts are displayed in both the Cortex XDR and Prisma consoles, in Prisma with limited investigation details.

  • Vulnerability and compliance results are displayed only in the Prisma console.

  • The list of paired Cloud Security Agents is displayed in the Prisma console.

All Cortex XDR Agent for Cloud configurations are managed in the Cortex XDR console.

Vulnerability and compliance results produced by Cortex XDR Agent for Cloud scans are displayed only in the Prisma console.