You can apply predefined settings to your Cortex XDR agent endpoints, depending on the platform used on your endpoints.
Each Agent Settings Profile provides a tailored list of settings that you can configure for the platform that you select.
The following table describes these customizable settings and indicates which platforms support the setting (a dash (—) indicates the setting is not supported).
In addition to the customizable Agent Settings Profiles, you can also:

- Configure Global Agent Settings that apply to all the endpoints in your network.
- Configure Hardened Endpoint Security protections that leverage existing mechanisms and added capabilities to reduce the attack surface on your endpoints.

Setting | Windows | Mac | Linux | Android |
---|---|---|---|---|
Agent Profiles | ||||
Disk Space: Customize the amount of disk space the Cortex XDR agent uses to store logs and information about events. | — | |||
User Interface: Determine whether and how end users can access the Cortex XSIAM console. | — | — | ||
Traps Tampering Protection: Prevent users from tampering with the Cortex XDR agent components by restricting access. | — | — | ||
Uninstall Password: Change the default uninstall password to prevent unauthorized users from uninstalling the Cortex XDR agent software. | — | — | ||
Windows Security Center Configuration: Configure your Windows Security Center preferences to allow registration with the Microsoft Security Center, to allow registration with automated Windows patch installation, or to disable registration. | — | — | — | |
Forensics: Change forensic data collection and upload preferences. | — | — | — | |
XDR Pro Endpoints: Enable the Cortex XDR Pro agent capabilities, including enhanced data collection, advanced responses, and available Pro add-ons. Requires a Cortex XDR Pro per Endpoint license. | — | |||
Response Actions: Manual response actions that you can take on the endpoint after a malicious file, process, or behavior is detected. For example, you can terminate a malicious process, isolate the infected endpoint from the network, quarantine a malicious file, or perform additional actions as necessary to remediate the endpoint. | — | |||
Content Updates: Configure how the Cortex XDR agent performs content updates on the endpoint: whether to download the content directly from Cortex XSIAM or from a peer agent, whether to perform immediate or delayed updates, and whether to perform automatic content updates or continue using the current content version. | — | |||
Agent Auto Upgrade: Enable the agent to perform automatic upgrades whenever a new agent version is released. You can choose to upgrade only to minor versions in the same line, only to major versions, or both. | — | |||
Upload Using Cellular Data: Enable Android endpoints to send unknown APK files for inspection as soon as a user connects to a cellular network. | — | — | — | |
Global Agent Configurations | ||||
Global Uninstall Password: Set the uninstall password for all agents in the system. | — | |||
Content Bandwidth Management: Configure the total bandwidth to allocate for content update distribution within your organization. | — | |||
Agent Auto Upgrade: Configure the Cortex XDR agent auto upgrade scheduler and number of parallel upgrades. | — | |||
Endpoint Data Collection: Configure the type of information collected by the Cortex XDR Agent for Vulnerability Assessment and Host insights. See Hardened Endpoint Security for the list of all operating systems that support these capabilities. | — | |||
Advanced Analysis: Enable Cortex XSIAM to automatically upload alert data for secondary verdict verification and security policy tuning. | — |