Vulnerability Management for Windows Endpoints ***
Cortex XDR now extends Vulnerability Management to Windows endpoints. To provide you with a comprehensive understanding of the vulnerability severity, Cortex XDR retrieves the latest data for each CVE from the NIST National Vulnerability Database as well as from the Microsoft Security Response Center (MSRC). Additionally, to provide you with more insight into the vulnerability state of your Windows endpoints, Cortex XDR reports all Microsoft Windows patches (KBs) that are installed on the endpoint.
NOTE: For Windows endpoints, Cortex XDR lists only CVEs relating to the operating system, and not CVEs relating to applications provided by other vendors.
Autonomous Application Inventory **
To better manage your application inventory, you can now access it in Cortex XDR directly from the Host Inventory menu, as well as pivot to it from Vulnerability Management as before.
Additional Host Inventory Data for Mac Endpoints **
Cortex XDR now extends Host Inventory for Mac endpoints to include additional information types, and enriches host inventory information that was introduced in previous releases.
Enhancements to Host Inventory Aggregated View **
When you analyze Host Inventory data in aggregated mode, you can quickly assess the overall presence of an entity on all endpoints in your network. Now, to better assess the findings in your network, you can also sort and filter according to the number of affected endpoints. For example, in the Services aggregated view, you can sort by the number of affected endpoints to identify the least commonly deployed service in your network.
CVE Exclusions **
When you review the state of CVEs in your network and know that specific CVEs are irrelevant for your current analysis, you can now exclude them from your findings and filters. After you exclude a CVE, it no longer appears on the Endpoints and Applications views in Vulnerability Management, or in the Host Insights Widgets.
To exclude a CVE, from Vulnerability Management > CVE, right-click the CVE and select Exclude. You can add a comment if needed. When an exclusion is present, the CVE is grayed out. To restore the CVE to your Vulnerability Management views, you can right-click the CVE and select Undo exclusion at any time.
NOTE: The CVE will be removed from, or reinstated to, all views, filters, and widgets after the next vulnerability management recalculation.
Broker VM - Version 10.1.9
Support self-signed certificate for Broker VM
You can now use your organization-signed certificate and key to establish a secure connection from your endpoints and the Cortex XDR console to the Broker VM.