New Cortex XDR 2.6.5 Features - Monthly Release



Hello everyone!

This month's release of Cortex XDR 2.6.5 brings many new features, including Vulnerability Management for Windows endpoints, new dashboard widgets and reports, CVE Exclusions, Enhanced Visibility of Endpoint, and more.

 

Read about all of the features in the list below. 

 

New Features included in Cortex XDR 2.6.5 *

| AREA | FEATURE | DESCRIPTION |
|---|---|---|
| Management Features | New Cortex XDR Report and Dashboard Widgets for Vulnerability Management ** | Cortex XDR introduces a few new widgets for Vulnerability Management to help you better visualize the findings and manage your endpoints, such as top vulnerable hosts and top vulnerable applications. For the list of new widgets, see Cortex XDR Dashboard Widgets. |
| Endpoint Security and Management | Vulnerability Management for Windows Endpoints *** | Cortex XDR now extends Vulnerability Management to Windows endpoints. To provide you with a comprehensive understanding of the vulnerability severity, Cortex XDR retrieves the latest data for each CVE from the NIST National Vulnerability Database as well as from the Microsoft Security Response Center (MSRC). Additionally, to provide you with more insight into the vulnerability state of your Windows endpoints, Cortex XDR reports all Microsoft Windows patches (KBs) that are installed on the endpoint. NOTE: For Windows endpoints, Cortex XDR lists only CVEs relating to the operating system, and not CVEs relating to applications provided by other vendors. |
| Endpoint Security and Management | Autonomous Application Inventory ** | To better manage your application inventory, you can now access it in Cortex XDR directly from the Host Inventory menu, as well as pivot to it from Vulnerability Management as before. |
| Endpoint Security and Management | Additional Host Inventory Data for Mac Endpoints ** | Cortex XDR now extends Host Inventory for Mac endpoints to include additional information types, and enriches host inventory information that was introduced in previous releases. |
| Endpoint Security and Management | Enhancements to Host Inventory Aggregated View ** | When you analyze Host Inventory data in aggregated mode, you can quickly assess the overall presence of an entity on all endpoints in your network. Now, to better assess the findings in your network, you can also sort and filter according to the number of affected endpoints. For example, in the Services aggregated view, you can sort by the number of affected endpoints to identify the least commonly deployed service in your network. |
| Endpoint Security and Management | CVE Exclusions ** | When you review the state of CVEs in your network and know that specific CVEs are irrelevant for your current analysis, you can now exclude them from your findings and filters. After you exclude a CVE, it no longer appears on the Endpoints and Applications views in Vulnerability Management, or in the Host Insights Widgets. To exclude a CVE, from Vulnerability Management > CVE, right-click the CVE and select Exclude. You can add a comment if needed. When an exclusion is present, the CVE is grayed out. To restore the CVE to your Vulnerability Management views, you can right-click the CVE and select Undo exclusion at any time. NOTE: The CVE will be removed from or reinstated to all views, filters, and widgets after the next vulnerability management recalculation. |
| Broker VM - Version 10.1.9 | Support self-signed certificate for Broker VM | You can now use your organization-signed certificate and key to establish a secure connection from your endpoints and the Cortex XDR console to the Broker VM. |
| API | Support Base64 for Snippet Code Script | You can now send your Snippet Code Script API request in Base64. |
| API | Enhanced Visibility of Endpoint | To help you gain greater visibility of requested API data when calling Get Endpoint, the response section now includes the last_seen field displaying the date and time the endpoint was last connected. |

* - New features reprinted from the Cortex XDR Release Notes page

** - Requires a Cortex XDR Pro per Endpoint license and Host Insights Add-on

*** - Requires a Cortex XDR Pro per Endpoint license, Host Insights Add-on, and a Cortex XDR agent 7.1 or later

 

More Info

For all of the details from the full Cortex XDR Release Notes page, including all past features, Software and Content Versions, and Known Issues, please visit the Cortex XDR Release Notes page.

 

Don't forget to check out the LIVEcommunity Cortex XDR page. This page has Cortex XDR Discussions, Videos, Articles and Resources all in one place on the LIVEcommunity. Please visit: LIVEcommunity Cortex XDR page

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line
