Network Configuration - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-16
Category
Administrator Guide
Abstract

Cortex XSIAM Network Configuration provides a representation of your network assets by collecting and analyzing your network resources.

Network asset visibility is a crucial investigative tool in discovering rogue devices in your network and preventing malicious activity. Understanding how many managed and unmanaged assets are part of your network provides you with vital information to better assess your security exposure and track network communication.

Cortex XSIAM Network Configuration provides an accurate representation of your network assets by collecting and analyzing the following network resources.

  • User-defined IP Address Ranges and Domain Names associated with your internal network

  • EDR data collected by Firewall Logs

  • Cortex XSIAM Agent Logs

  • ARP Cache

  • Broker VM Network Mapper

  • Pathfinder Data Collector

In addition to the network resources, Cortex XSIAM allows you to configure in your Windows Agent Profile a Cortex XDR agent scan of your endpoints using Ping that provides updated identifiers of your network assets, such as IP addresses and OS platforms. The scan is automatically distributed by Cortex XSIAM to all the agents configured in the profile and cannot be initiated by request.

With the data aggregated by Cortex XSIAM Network Configuration you can locate and manage your assets more effectively and reduce the amount of research required to.

  • Distinguish between assets managed and unmanaged by a Cortex XDR agent.

  • Identify assets that are part of your internal network.

  • Track network data communications from within and outside your network.