New Cortex XDR Management (2.9) and Agent (7.4) Features for May 2021


Hello there everyone,

The Cortex XDR team has been extremely busy, not only improving Cortex XDR Management but also packing the Agent with tons of new features.

The new features include General improvements such as In-App Granular Role-Based Access Control and Improved Quick Launcher Access. There are also new Audit Log options, such as One-Year Retention of Audit Log Entries, plus new Investigation and Response, External Data Ingestion, Analytics, Endpoint Security and Management, Broker VM and API improvements. That is way too many updates to cover in one fell swoop.

Please see my abbreviated list below. For all of the nitty-gritty details, please see the release notes here: Cortex XDR Features Introduced in 2021.

Features Releasing in May*

NOTE: The following new features are introduced in the Cortex® XDR™ 2.9 release. Cortex XDR 2.9 will be rolled out in two deployments: May 24, 2021 and May 31, 2021. Customers will be notified in advance of their 2.9 release availability.
General
- Cortex XDR Gateway for Onboarding and Granular RBAC
- In-App Granular Role-Based Access Control
- Fine-Grained Role-Based Access Control Enhancements
- Cortex XDR Tenant Switcher
- Improved Quick Launcher Access
- Settings Navigation Change
- Enhanced Session Security Settings
- Native Search Deprecation
- Network Events Deprecation (starting with the next Cortex XDR release)

Audit Logs
- One-Year Retention of Audit Log Entries
- New Management Audit Logs for Policy Changes
- Improved Management Audit Logs for Extensions Policies and Profiles
- Policy Change Visibility in Management Audit Logs
- Enhanced Management Logs Incident ID Value
- Updated Management Audit Logs for Threat Handled Incident Status
- Improved Management Audit Logs for Host Insights Vulnerability Assessment Data Collection (Requires a Cortex XDR Pro per Endpoint license and Host Insights add-on)
- Enhanced Audit Log for Operations in Rules Exceptions

Investigation and Response
- XQL Multi-Language Data Support (Requires a Cortex XDR Pro license)
- New Standardized User Format for Events and Alerts (Requires a Cortex XDR Pro license)
- New XQL IP Location Stage (Requires a Cortex XDR Pro license)
- New XQL Bin Stage (Requires a Cortex XDR Pro license)
- New XQL Time Frame Configuration Function (Requires a Cortex XDR Pro license)
- New Support for Linux System Authentication Logs (Requires a Cortex XDR Pro license)
- New Visualizations for Widgets Based on XQL Search Queries (Requires a Cortex XDR Pro license)
- Incident Thresholds for Alert Grouping
- MITRE, Severity, and Alert Grouping Visibility in Incident Table
- Incident Table View Enhancement
- Causality View Loading Time Enhancements
- Added Option to View the Observed Behaviors of Behavioral Threat Protection Alerts
- Featured Alert Fields Enhancement (Requires a Cortex XDR Pro license)
- Enhanced Alerts Deduplication
- Quick Actions in Tables
- Centric View of CVE, Endpoint, and Application Information, with Additional Vulnerability Assessment Enhancements
- Low and Informational Categorization for Agent Alerts
- Authentication Story Enrichment (Requires a Cortex XDR Pro per Endpoint license and a Cortex XDR agent 7.3 or later for Linux)

External Data Ingestion
- Zscaler Cloud Firewall Log Ingestion (Requires a Cortex XDR Pro per TB license)
- Windows DHCP Log Ingestion (Requires a Cortex XDR Pro per TB license)
- Syslog Collector Applet Enhancements (Requires a Cortex XDR Pro per TB license)
- Additional External Alerts Fields Available for Mapping (Requires a Cortex XDR Pro license)
- New Behavior for Ingesting Null Fields (Requires a Cortex XDR Pro license)

Analytics
- Improved Accuracy for Malware Protection (Requires a Cortex XDR agent 7.4 or later release for Windows)
- Cortex XDR Identity Analytics Add-On Module (Requires a Cortex XDR Pro license)
- Auto-Disable of Alerts from Analytics Detectors (Requires a Cortex XDR Pro per TB license)

Endpoint Security and Management
- Cortex XDR Agent Deployment with Installer and Content Update Bundle (Requires a Cortex XDR agent 7.4 or later release for Windows)
- Cortex XDR Agent Installer and Content Caching on the Broker VM (Requires a Cortex XDR agent 7.4 or later release and the latest Broker VM version)
- Device Control Enforcement on Previously Connected USB Devices (Requires a Cortex XDR agent 7.4 or later release for Windows)
- Support for Apple M1 (Requires a Cortex XDR agent 7.4 or later release for Mac)
- Context-Based Global Exceptions for the Gatekeeper Enhancement Protection Module (Requires a Cortex XDR agent 7.4 or later for Mac)
- Scope-Based Access Control (SBAC) for Endpoints

Broker VM
- CSV Log Files Integration with the Broker VM (Requires a Cortex XDR Pro per TB license)
- Agent Proxy Listening Interface

API
- New XQL API (Requires a Cortex XDR Pro license)
- New API Key Time Limit
- Enhanced Visibility of Incident Data
- Updated Alert Severity Valid Values
- Updated Featured Alert Fields API (Requires a Cortex XDR Pro license)
- Upload Cortex XDR Indicator Request Validation

* All new features reprinted from the release notes here: Cortex XDR Features Introduced in 2021
More info
For a complete list of all of the new features in all their glory, please visit the Cortex XDR Release Information page. While there, you can drill down into each of the sections that detail the following:

Thanks for taking the time to read my blog! If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog area.

As always, we welcome all comments and feedback in the comments section below.


Stay Secure,
Joe Delio
End of line