Network configuration - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Cortex XSIAM Network Configuration provides a representation of your network assets by collecting and analyzing your network resources.

Network asset visibility is a crucial investigative tool for discovering rogue devices and preventing malicious activity within your network. The number of managed and unmanaged assets in your network provides vital information for assessing security exposure and tracking network communication effectively.

Cortex XSIAM Network Configuration accurately represents your network assets by collecting and analyzing the following network resources:

  • User-defined IP Address Ranges and Domain Names associated with your internal network.

  • EDR data collected by Firewall Logs.

  • Cortex XSIAM Agent Logs.

  • ARP Cache.

  • Broker VM Network Mapper.

  • Pathfinder Data Collector.

In addition to the network resources, Cortex XSIAM allows you to configure a Windows Agent Profile to scan your endpoints using Ping. This scan provides updated identifiers of your network assets, such as IP addresses and OS platforms. The scan is automatically distributed by Cortex XSIAM to all the agents configured in the profile and cannot be initiated by request.

With the data aggregated by Cortex XSIAM Network Configuration, you can locate and manage your assets more effectively and reduce the amount of research required to:

  • Distinguish between assets managed and unmanaged by a Cortex XSIAM agent.

  • Identify assets that are part of your internal network.

  • Monitor network data communications both within and outside your network.
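
The correlation described above can be sketched outside the product. The following is an added illustration, not Cortex XSIAM code or its internal logic: it matches constructed ARP cache observations against user-defined internal ranges and an agent inventory to list internal assets that no agent manages. All names and sample values are hypothetical.

```python
import ipaddress

# Constructed sample data (assumptions for illustration, not from any real tenant).
INTERNAL_RANGES = ["10.20.0.0/16", "192.168.50.0/24"]  # user-defined internal ranges
AGENT_INVENTORY = {                                     # IP -> hostname reported by an agent
    "10.20.1.15": "ws-finance-01",
    "10.20.1.22": "ws-hr-07",
}
ARP_OBSERVATIONS = [                                    # (ip, mac) pairs seen in ARP caches
    ("10.20.1.15", "00:11:22:33:44:55"),
    ("10.20.1.99", "de:ad:be:ef:00:01"),
    ("192.168.50.7", "00:aa:bb:cc:dd:ee"),
    ("203.0.113.8", "00:00:5e:00:53:01"),
    ("not-an-ip", "00:00:00:00:00:00"),
]


def classify_assets(observations, internal_ranges, agent_inventory):
    """Label each observed address as internal/external and managed/unmanaged.

    Hypothetical helper. Malformed addresses are kept and marked "invalid"
    so that bad records stay visible instead of silently disappearing.
    """
    networks = [ipaddress.ip_network(r) for r in internal_ranges]
    results = {}
    for ip_text, mac in observations:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            results[ip_text] = {"mac": mac, "scope": "invalid", "managed": False}
            continue
        internal = any(ip in net for net in networks)
        results[str(ip)] = {
            "mac": mac,
            "scope": "internal" if internal else "external",
            "managed": str(ip) in agent_inventory,
        }
    return results


def unmanaged_internal(results):
    """Internal addresses with no agent: candidates for rogue-device review."""
    return sorted(ip for ip, r in results.items()
                  if r["scope"] == "internal" and not r["managed"])


if __name__ == "__main__":
    classified = classify_assets(ARP_OBSERVATIONS, INTERNAL_RANGES, AGENT_INVENTORY)
    for ip in unmanaged_internal(classified):
        print("unmanaged internal asset:", ip, classified[ip]["mac"])
```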