Customizable Agent Settings

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-12-02
Category: Administrator Guide
Abstract

You can apply predefined settings to your Cortex XDR agent endpoints, depending on the platform used on your endpoints.

Each Agent Settings Profile provides a tailored list of settings that you can configure for the platform that you select.

The following table describes these customizable settings and indicates which platforms support the setting (a dash (—) indicates the setting is not supported).

In addition to the customizable Agent Settings Profiles, you can also:

Setting

Windows

Mac

Linux

Android

Agent Profiles

Disk Space

Customize the amount of disk space the Cortex XDR agent uses to store logs and information about events.

✓
✓
✓

User Interface

Determine whether and how end users can access the Cortex XSIAM console.

✓
✓

Traps Tampering Protection

Prevent users from tampering with the Cortex XDR agent components by restricting access.

✓
✓

Uninstall Password

Change the default uninstall password to prevent unauthorized users from uninstalling the Cortex XDR agent software.

✓
✓

Windows Security Center Configuration

Configure your Windows Security Center preferences to allow registration with the Microsoft Security Center, to allow registration with automated Windows patch installation, or to disable registration.

✓

Forensics

Change forensic data collection and upload preferences.

✓

XDR Pro Endpoints

Enable the Cortex XDR Pro agent capabilities, including enhanced data collection, advanced responses, and available Pro add-ons.

Requires a Cortex XDR Pro per Endpoint license.

✓
✓
✓

Response Actions

Manual response actions that you can take on the endpoint after a malicious file, process, or behavior is detected. For example, you can terminate a malicious process, isolate the infected endpoint from the network, quarantine a malicious file, or perform additional actions as necessary to remediate the endpoint.

✓
✓
✓

Content Updates

Configure how the Cortex XDR agent performs content updates on the endpoint: whether to download the content directly from Cortex XSIAM or from a peer agent, whether to perform immediate or delayed updates, and whether to perform automatic content updates or continue using the current content version.

✓
✓
✓

Agent Auto Upgrade

Enable the agent to perform automatic upgrades whenever a new agent version is released. You can choose to upgrade only to minor versions in the same line, only to major versions, or both.

✓
✓
✓

Upload Using Cellular Data

Enable Android endpoints to send unknown APK files for inspection as soon as a user connects to a cellular network.

✓

Global Agent Configurations

Global Uninstall Password

Set the uninstall password for all agents in the system.

✓
✓
✓

Content Bandwidth Management

Configure the total bandwidth to allocate for content update distribution within your organization.

✓
✓
✓

Agent Auto Upgrade

Configure the Cortex XDR agent auto upgrade scheduler and the number of parallel upgrades.

✓
✓
✓

Endpoint Data Collection

Configure the type of information collected by the Cortex XDR agent for Vulnerability Assessment and Host insights.

See Hardened Endpoint Security for the list of all operating systems that support these capabilities.

✓
✓
✓

Advanced Analysis

Enable Cortex XSIAM to automatically upload alert data for secondary verdict verification and security policy tuning.

✓
✓
✓