Features Introduced in April for Cortex XDR - Investigation and Response

Community Team Member

Read about the new Features Introduced in April for Cortex XDR - Investigation and Response. In this article you can find links to release notes and descriptions about new features such as Remote Terminal, Save and Share Filters, and Audit Logs. Got Questions? Get Answers on Live Community!

 

Here's a short summary of the new features that came out in April for Cortex XDR - Investigation and Response.

 

Feature Description

Remote Terminal

You can now establish a remote connection through Cortex XDR – Investigation and Response directly to a monitored endpoint in your network. The new Remote Terminal emulates a local graphic user interface and is available with the use of a Pathfinder VM. In addition, the Remote Terminal provides a Windows command line and a Python command shell from which you can run commands and scripts. After connecting to the endpoint, you can navigate the local file directory; manage files, folders, and processes; and perform remediation actions. At the end of your session you can also save out a session report which can include any files you flagged for follow-up.
Save and Share Filters Cortex XDR – Investigation and Response now enables you to save, modify, and share filters across your organization.

Audit Logs

You can now view all administrative activity in Cortex XDR – Investigation and Response from the new Auditing page. Examples of activity logged in the app include BIOC and IOC policy management, response actions initiated, remote session commands and the command response, and investigative query actions. You can also filter the activity and export the results to a tab-separated values (TSV) file.

 

 

For full details on the new features being introduced in 2019 for Cortex XDR - Investigation and Response, please visit TechDocs to view the most recent Release Notes.

 
1,094 Views
Ask Questions Get Answers Join the Live Community
Labels