https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344228#M252 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/149855">@TonyTovar</a>,</P><P>&nbsp;</P><P>Yes. Prevent protects from malware, exploits, advanced threats.&nbsp; It does not include the analytics and some of the other EDR features.&nbsp;</P> Mon, 17 Aug 2020 18:40:01 GMT dfalcon 2020-08-17T18:40:01Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/339965#M218 <P>when you first install the Cortex XDR agent on a new server (and reboot if on Windows), is it immediately 'active' and blocking suspicious processes? I was told that it ran in 'passive' mode for 30-days as it built a profile of "normal" activity for that agent. I ask because we are starting to use immutable servers which are recreated from-scratch on a regular basis.</P> Tue, 21 Jul 2020 23:23:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/339965#M218 TonyTovar 2020-07-21T23:23:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/339968#M220 <P>Hi there-</P><P>&nbsp;</P><P>For malware, exploits, and most threats - those are blocked immediately based on your malware / exploit profile settings under the endpoint management section.</P><P>&nbsp;</P><P>The profiling you are referencing refers to the analytics component. &nbsp;That feature is essentially learning the behavior of the environment based on the computer and user entity. &nbsp;It is learning who is supposed to be doing what — it raises an alert when suspicious behavior is detected based on the behavior not matching that entity. &nbsp;The profiling ranges anywhere from a few days to 4 weeks based on the collector type.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 Jul 2020 00:24:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/339968#M220 dfalcon 2020-07-22T00:24:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/343953#M243 <P>Thanks, David! So, in general, the agent is 'active' and protected the server immediately -- but with some delay for the "analytics" portion?</P><P>&nbsp;</P><P>Also, I have now learned that there are 3 Cortex XDR licenses and we probably have just the base license (not "Pro"). So we are not getting EUBA or Network-Traffic Analytics. Was one of those the 'analytics' module to which you were referring? Or, is there also such a module in the base license?</P> Fri, 14 Aug 2020 20:48:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/343953#M243 TonyTovar 2020-08-14T20:48:46Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344216#M249 <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/149855">@TonyTovar</a>&nbsp;,</P><P>&nbsp;</P><P>Yes, that is correct.&nbsp; If you are using Prevent, the profiling component is not part of that offering.&nbsp; You have all included protections available immediately.&nbsp;&nbsp;</P> Mon, 17 Aug 2020 17:20:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344216#M249 dfalcon 2020-08-17T17:20:19Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344217#M250 <P>Is 'Prevent' the base-level license?</P> Mon, 17 Aug 2020 17:27:16 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344217#M250 TonyTovar 2020-08-17T17:27:16Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344228#M252 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/149855">@TonyTovar</a>,</P><P>&nbsp;</P><P>Yes. Prevent protects from malware, exploits, advanced threats.&nbsp; It does not include the analytics and some of the other EDR features.&nbsp;</P> Mon, 17 Aug 2020 18:40:01 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initial-profiling/m-p/344228#M252 dfalcon 2020-08-17T18:40:01Z