Learn about the new Cortex XDR features released in August 2019 that include a Unified web interface (UI). Other new features for Cortex XDR include Analytics Alert Analysis, App-ID Integration, URL Category Integration, and more.
Cortex XDR features released in August 2019.
The following table describes the new features introduced in Cortex XDR in August 2019.
Unified Cortex XDR Interface
The apps for Cortex XDR – Investigation and Response and Cortex XDR – Analytics have been consolidated into one Cortex XDR app. The new app is available from the hub under the Cortex XDR tile. To access Cortex XDR – Analytics features in the new app, you must be assigned an administrative role for Cortex XDR – Analytics.
Analytics Alert Analysis
You can now analyze analytics and analytics BIOC alerts in Cortex XDR. Each alert type provides a tailored analytics view to help you understand the context of the alert. This view provides an alert summary, a graphical representation of the activity that you can interact with, and any related events. From the analytics view, you can also take additional actions to respond to the alert such as initiating a live terminal or adding a malicious domain or IP address to an external dynamic list (EDL).
App-ID Integration
Cortex XDR can now identify related App-IDs for an alert. App-ID is a traffic classification system that determines what an application is irrespective of port, protocol, encryption (SSH or SSL) or any other evasive tactic used by the application. When known, you can also pivot to the Palo Alto Networks Applipedia entry that describes the detected application. To add the App-ID column, use the column manager on the Alerts table.
URL Category Integration
Cortex XDR now integrates URL filtering categories associated with URL filtering logs in the Alerts table. When known, Cortex XDR displays the URL filtering type.
Threat Intelligence License Truncation
Cortex XDR now truncates part of the license key on the Threat Intelligence page when you integrate additional threat intelligence sources such as AutoFocus and VirusTotal. Truncating part of the license key enables you to take screen captures or videos of the page, such as for demo purposes, without sharing your license key.
Alerts Tab Change
To streamline investigations, the Alerts page is now removed from the main Cortex XDR menu. Now, you can only access the Alerts table from the Incidents table or from within the investigation of an incident.