Cortex XDR Management 3.0 has just been released and is supercharged with new features and capabilities. Exciting updates include new support to India, extended visibility, Managed Threat Hunting enhancements, and much more.
Here's a list of the many new features and capabilities from the third-generation of Cortex XDR and XDR Agent 7.5.
Note: Some of these new features require a special license.
*Information reprinted from the Cortex XDR Release notes page.
|
FEATURE
|
|---|
|
General
|
|
India Region Support
|
|
Cortex XDR Enhanced License Details
|
|
Host Insights Evaluation Period Extension
(Requires a Host Insights add-on license)
|
|
New Compute Units Add-On
(Requires a Cortex XDR Pro license)
|
|
Allowed Domains for Distribution List
|
|
Independent Configuration of Access Permissions for Settings
|
|
Directory Sync Services Renaming
|
|
XDR for Cloud
|
|
Cortex XDR Agent for Kubernetes Hosts
(Requires a Cortex XDR agent 7.5 or a later release for Linux and Cortex XDR Cloud per Host license)
|
|
Extended Visibility to Your Cloud Network Flow Logs
(Requires a Cortex XDR Pro per TB license)
|
|
Extended Visibility to Your Cloud Platform
(Requires a Cortex XDR Pro per TB license)
|
|
New Cloud Investigation Capabilities
(Requires a Cortex XDR Pro per TB license)
|
|
Prisma Cloud Alert Ingestion
(Requires a Cortex XDR Pro per TB license)
|
|
Prisma Cloud Compute Alert Ingestion
(Requires a Cortex XDR Pro per TB license)
|
|
Forensics
|
|
New Comprehensive Forensics Add-On
(Requires a Forensics add-on license and a Cortex XDR agent 7.4 or later for Windows)
|
|
Identity Analytics
|
|
Identity Analytics Module Activation Modification
(Requires a Cortex XDR Pro license)
|
|
User Score Management
(Requires a Cortex XDR Pro license)
|
|
User View
(Requires a Cortex XDR Pro license)
|
|
Investigation and Response
|
|
New XQL Correlation Rules
(Requires a Cortex XDR Pro license)
|
|
New XQL Personal Query Library
(Requires a Cortex XDR Pro license)
|
|
Dataset Management Enhancements
(Requires a Cortex XDR Pro license)
|
|
New XQL Dataset for Cloud Identity Engine
(Requires a Cortex XDR Pro license)
|
|
New USB Device Visibility in XQL
(Requires a Cortex XDR Pro license)
|
|
XQL ASN Data Support
(Requires a Cortex XDR Pro per TB license)
|
|
New GlobalProtect Access Authentication Log Visibility in XQL
(Requires a Cortex XDR Pro per TB license)
|
|
Custom XQL Widget Report Attachments
|
|
Redesigned Incident View and Investigation Capabilities
|
|
New Incident Resolved Statuses
|
|
New Cortex XDR Dashboard for Security Operations Center Manager
|
|
Centric View of Alert Information
|
|
Quick Actions in Tables Enhancements
|
|
Granular Exceptions for BTP Alerts
|
|
Enhanced Child Process Node Investigation
|
|
Asset Management Enhancement
(Requires a Cortex XDR Pro license)
|
|
Enhanced Endpoint Administration Table Filter Options
|
|
IP View IP Address Visibility
|
|
Audit Logs
|
|
Management Logs for Cortex XDR Gateway
|
|
External Data Ingestion
|
|
New 3rd Party Parsing Rules
(Requires a Cortex XDR Pro per TB license)
|
|
New XDR Collectors Configuration for On-premises Data Collection
(Requires a Cortex XDR Pro per TB license)
|
|
Amazon S3 Log Ingestion
(Requires a Cortex XDR Pro per TB license)
|
|
Workday Reports Data Ingestion
(Requires a Cortex XDR Pro per TB license)
|
|
ServiceNow CMDB Data Ingestion
(Requires a Cortex XDR Pro per TB license)
|
|
Windows DHCP Example File Available in the User Interface
(Requires a Cortex XDR Pro per TB license)
|
|
Analytics
|
|
Analytics Alert Causality View Enhancement
(Requires a Cortex XDR Pro license)
|
|
Multi-Severity for Analytics BIOC Rules
(Requires a Cortex XDR Pro license)
|
|
Endpoint Protection
|
|
Enhancements to the Cortex XDR Host Firewall
(Requires a Cortex XDR agent 7.5 or a later release for Windows)
|
|
Network Packet Inspection Engine
(Requires a Cortex XDR agent 7.5 or a later release for Windows)
|
|
Improved Security Content
(Requires a Cortex XDR agent 7.5 or a later release)
|
|
Separate Actions for Files Unknown to WildFire and Files with Benign LC Score
(Requires a Cortex XDR agent 7.5 or a later release for Windows)
|
|
Quarantine Malicious ELF Files
(Requires a Cortex XDR agent 7.5 or a later release for Linux)
|
|
Configurable Device Control Enforcement Pop-Up Message
(Requires a Cortex XDR agent 7.5 or a later release for Windows)
|
|
Improved Logs Protection
(Requires a Cortex XDR agent 7.5 or a later release for Linux)
|
|
Support for Azure-based Virtual Environments
(Requires a Cortex XDR agent 7.5 or a later release for Windows)
|
|
Extending Gatekeeper Protection to Bundles
(Requires a Cortex XDR agent 7.5 or a later release for Mac)
|
|
Audit Log for Unauthorized Agent Shutdown
(Requires a Cortex XDR agent 7.5 or a later release for Mac)
|
|
Simplified Network Bandwidth Allocation for Security Content Updates
|
|
Gradual Rollout for Automatic Agent Upgrades
|
|
Broker VM
|
|
New FTP Collector in the Broker VM
(Requires a Cortex XDR Pro per TB license)
|
|
New Files and Folder Collector in the Broker VM
(Requires a Cortex XDR Pro per TB license)
|
|
New Database Collector in the Broker VM
(Requires a Cortex XDR Pro per TB license)
|
|
New NetFlow Collector in the Broker VM
(Requires a Cortex XDR Pro per TB license)
|
|
Enhanced WEC Certificates Renewal Mechanism
(Requires a Cortex XDR Pro per TB license)
|
|
API
|
|
Get Violations API Enhancements
|
|
Get Incident API Enhancement
|
|
New Incident Resolved Statuses
|
|
Incident ID Enhancement for Action APIs
|
|
Managed Threat Hunting
|
|
Managed Threat Hunting Communication and Tracking Enhancements
|
From Improved Security content to New Comprehensive Forensics Add-On, Cortex XDR Agent 7.5 has its own laundry list of new features.
* Information reprinted from the Cortex XDR Agent 7.5 Release notes page.
Cross-Platform Features
|
FEATURE
|
|---|
|
Improved Security Content
|
|
Simplified Network Bandwidth Allocation for Security Content Updates
|
|
Gradual Rollout for Automatic Agent Upgrades
|
|
Granular Exceptions for BTP Alerts
|
Windows Features
|
FEATURE
|
|---|
|
New Comprehensive Forensics Add-On
(Requires a Forensics add-on license and a Cortex XDR agent 7.4 or later)
|
|
Enhancements to the Cortex XDR Host Firewall
|
|
Network Packet Inspection Engine
|
|
Separate Actions for Files Unknown to WildFire and Files with Benign LC Score
|
|
Configurable Device Control Enforcement Pop-Up Message
|
|
Support for Azure-based Virtual Environments
|
|
Microsoft Exchange Vulnerability Protection
(Requires PTU 193-68672, or PTU 194-68995 and later)
|
Mac Features
|
FEATURE
|
|---|
|
Extending Gatekeeper Protection to Bundles
|
|
Audit Log for Unauthorized Agent Shutdown
|
Linux Features
|
FEATURE
|
|---|
|
Cortex XDR Agent for Kubernetes Hosts
(Requires a Cortex XDR Cloud per Host license)
|
|
Quarantine Malicious ELF Files
|
|
Improved Logs Protection
|
Please find the full details on the Cortex XDR Management 3.0 release notes and the Cortex XDR Agent 7.5 Release notes pages.
for more information about Cortex XDR, please see the LIVEcommunity Cortex XDR page for a complete Customer Journey Guide, events, webinars, videos, and discussions dedicated to Cortex XDR.
Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, don't forget to subscribe to the LIVEcommunity Blog area.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 5 Likes | |
| 3 Likes | |
| 3 Likes | |
| 3 Likes | |
| 2 Likes |
| User | Likes Count |
|---|---|
| 11 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
