- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Hello there everyone,
The Cortex XDR group has been extremely busy—not only to improve the Cortex XDR Management, but also the Agent with tons of new features.
The new features include new General improvements like In-App Granular Role-Based Access Control, and Improved Quick Launcher Access. There are also new Audit Log options—like being able to have One-Year Retention of Audit Log Entries—new Investigation and Response, External Data Injestion, Analytics, Endpoint Security and Management, and Broker VM and API improvements....Way too updates to many to cover in one fell swoop.
Please see my abbreviated list below. For all of the nitty-gritty details, please see the release notes here: Cortex XDR Features Introduced in 2021.
FEATURE |
General |
Cortex XDR Gateway for Onboarding and Granular RBAC |
In-App Granular Role-Based Access Control |
Fine-Grained Role-Based Access Control Enhancements |
Cortex XDR Tenant Switcher |
Improved Quick Launcher Access |
Settings Navigation Change |
Enhanced Session Security Settings |
Native Search Deprecation |
Network Events Deprecation (Starting with the next Cortex XDR release) |
Audit Logs |
One-Year Retention of Audit Log Entries |
New Management Audit Logs for Policy Changes |
Improved Management Audit Logs for Extensions Policies and Profiles |
Policy Change Visibility in Management Audit Logs |
Enhanced Management Logs Incident ID Value |
Updated Management Audit Logs for Threat Handled Incident Status |
Improved Management Audit Logs for Host Insights Vulnerability Assessment Data Collection (Requires a Cortex XDR Pro per Endpoint license and Host-Insights add-on) |
Enhanced Audit Log for Operations in Rules Exceptions |
Investigation and Response |
XQL Multi-Language Data Support (Requires a Cortex XDR Pro license) |
New Standardized User Format for Events and Alerts (Requires a Cortex XDR Pro license) |
New XQL IP Location Stage (Requires a Cortex XDR Pro license) |
New XQL Bin Stage (Requires a Cortex XDR Pro license) |
New XQL Time Frame Configuration Function (Requires a Cortex XDR Pro license) |
New Support for Linux System Authentication Logs (Requires a Cortex XDR Pro license) |
New Visualizations for Widgets Based on XQL Search Queries (Requires a Cortex XDR Pro license) |
Incident Thresholds for Alert Grouping |
MITRE, Severity, and Alert Grouping Visibility in Incident Table |
Incident Table View Enhancement |
Causality View Loading Time Enhancements |
Added Option to View The Observed Behaviors of Behavioral Threat Protection Alerts |
Featured Alert Fields Enhancement (Requires a Cortex XDR Pro license) |
Enhanced Alerts Deduplication |
Quick Actions in Tables |
Centric View of CVE, Endpoint, and Application information, with additional Vulnerability Assessment Enhancements
|
Low and Informational Categorization for Agent Alerts |
Authentication Story Enrichment (Requires a Cortex XDR Pro per Endpoint license and a Cortex XDR agent 7.3 or later for Linux) |
External Data Ingestion |
Zscaler Cloud Firewall Log Ingestion (Requires a Cortex XDR Pro per TB license) |
Windows DHCP Log Ingestion (Requires a Cortex XDR Pro per TB license) |
Syslog Collector Applet Enhancements (Requires a Cortex XDR Pro per TB license) |
Additional External Alerts Fields Available for Mapping (Requires a Cortex XDR Pro license) |
New Behavior for Ingesting Null Fields (Requires a Cortex XDR Pro license) |
Analytics |
Improved Accuracy for Malware Protection (Requires a Cortex XDR agent 7.4 or later release for Windows) |
Cortex XDR Identity Analytics Add-On Module (Requires a Cortex XDR Pro license) |
Auto-Disable of Alerts from Analytics Detectors (Requires a Cortex XDR Pro per TB license) |
Endpoint Security and Management |
Cortex XDR Agent Deployment with Installer and Content Update Bundle (Requires a Cortex XDR agent 7.4 or later release for Windows) |
Cortex XDR Agent Installer and Content Caching on the Broker VM (Requires a Cortex XDR agent 7.4 or later release and latest Broker VM version) |
Device Control Enforcement on Previously Connected USB Devices (Requires a Cortex XDR agent 7.4 or later release for Windows) |
Support for Apple M1 (Requires a Cortex XDR agent 7.4 or later release for Mac) |
Context-based Global Exceptions for the Gatekeeper Enhancement Protection Module (Requires a Cortex XDR agent 7.4 or later for Mac) |
Scope-Based Access Control (SBAC) for Endpoints |
Broker VM |
CSV Log Files Integration with the Broker VM (Requires a Cortex XDR Pro per TB license) |
Agent Proxy Listening Interface |
API |
New XQL API (Requires a Cortex XDR Pro license) |
New API Key Time Limit |
Enhanced Visibility of Incident Data |
Updated Alert Severity Valid Values |
Updated Featured Alert Fields API (Requires a Cortex XDR Pro license) |
Upload Cortex XDR Indicator Request Validation |
Thanks for taking time to read my blog! If you enjoyed this, please hit the Like (thumb up) button, don't forget to subscribe to the LIVEcommunity Blog area.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
2 Likes | |
2 Likes | |
1 Like | |
1 Like |