Network Monitoring capabilities of XDR

nrangarajan22 — Thu, 01 Dec 2022 18:07:07 GMT

Hello ,

Wanted to know if XDR has the capability to view network packets (pcap) or to push out network policies, block traffic, visualization of network data etc.

Re: Network Monitoring capabilities of XDR

mavraham — Fri, 02 Dec 2022 01:58:28 GMT

Hi @nrangarajan22

Thank you for for writing to Live Community!

Please allow me to address your questions:

1. Cortex XDR does not currently have complete network visualization, however you are able to investigate an asset’s traffic by going into IP View. You can access an asset’s IP view by going into Assets->Asset Inventory-> Right Click an asset and choose Open IP View. There you’ll be able to see important network data such as: number of outgoing connections, total traffic, and total download and upload.

2. Cortex XDR allows for network visibility and asset management by collecting and analyzing different network resources such as:

User-defined IP Address Ranges and Domain Names associated with your internal network
EDR data collected by Firewall Logs
Cortex XDR Agent Logs
ARP Cache
Broker VM Network Mapper
Pathfinder Data Collector

3. Cortex XDR can obtain pcap files originating from Palo Alto NGFW alerts, but the packet capture is being done by the FW itself.

Last, I recommend watching this video which thoroughly explains the product’s network capabilities.

Hope this helps!

Re: Network Monitoring capabilities of XDR

nrangarajan22 — Fri, 02 Dec 2022 05:11:30 GMT

Thank you

topic Network Monitoring capabilities of XDR in Cortex XDR Discussions

Network Monitoring capabilities of XDR

Re: Network Monitoring capabilities of XDR

Re: Network Monitoring capabilities of XDR