New Features and Capabilities from Cortex XDR 3.0 and Cortex XDR Agent 7.5

Cortex XDR Management 3.0 has just been released and is packed with new features and capabilities. Highlights include support for a new India region, extended visibility into cloud platforms and network flow logs, Managed Threat Hunting enhancements, and much more.

 

Here is a list of the many new features and capabilities in this third generation of Cortex XDR (Cortex XDR 3.0) and in Cortex XDR Agent 7.5.

 

New Cortex XDR Management 3.0 Features for August 2021*

 

Note: Some of these new features require a special license.

*Information reprinted from the Cortex XDR Release notes page

 

Features by area (license or agent requirements are noted in parentheses):

General
  India Region Support
  Cortex XDR Enhanced License Details
  Host Insights Evaluation Period Extension (requires a Host Insights add-on license)
  New Compute Units Add-On (requires a Cortex XDR Pro license)
  Allowed Domains for Distribution List
  Independent Configuration of Access Permissions for Settings
  Directory Sync Services Renaming

XDR for Cloud
  Cortex XDR Agent for Kubernetes Hosts (requires a Cortex XDR agent 7.5 or a later release for Linux and a Cortex XDR Cloud per Host license)
  Extended Visibility to Your Cloud Network Flow Logs (requires a Cortex XDR Pro per TB license)
  Extended Visibility to Your Cloud Platform (requires a Cortex XDR Pro per TB license)
  New Cloud Investigation Capabilities (requires a Cortex XDR Pro per TB license)
  Prisma Cloud Alert Ingestion (requires a Cortex XDR Pro per TB license)
  Prisma Cloud Compute Alert Ingestion (requires a Cortex XDR Pro per TB license)

Forensics
  New Comprehensive Forensics Add-On (requires a Forensics add-on license and a Cortex XDR agent 7.4 or later for Windows)

Identity Analytics
  Identity Analytics Module Activation Modification (requires a Cortex XDR Pro license)
  User Score Management (requires a Cortex XDR Pro license)
  User View (requires a Cortex XDR Pro license)

Investigation and Response
  New XQL Correlation Rules (requires a Cortex XDR Pro license)
  New XQL Personal Query Library (requires a Cortex XDR Pro license)
  Dataset Management Enhancements (requires a Cortex XDR Pro license)
  New XQL Dataset for Cloud Identity Engine (requires a Cortex XDR Pro license)
  New USB Device Visibility in XQL (requires a Cortex XDR Pro license)
  XQL ASN Data Support (requires a Cortex XDR Pro per TB license)
  New GlobalProtect Access Authentication Log Visibility in XQL (requires a Cortex XDR Pro per TB license)
  Custom XQL Widget Report Attachments
  Redesigned Incident View and Investigation Capabilities
  New Incident Resolved Statuses
  New Cortex XDR Dashboard for Security Operations Center Manager
  Centric View of Alert Information
  Quick Actions in Tables Enhancements
  Granular Exceptions for BTP Alerts
  Enhanced Child Process Node Investigation
  Asset Management Enhancement (requires a Cortex XDR Pro license)
  Enhanced Endpoint Administration Table Filter Options
  IP View IP Address Visibility

Audit Logs
  Management Logs for Cortex XDR Gateway

External Data Ingestion
  New 3rd Party Parsing Rules (requires a Cortex XDR Pro per TB license)
  New XDR Collectors Configuration for On-premises Data Collection (requires a Cortex XDR Pro per TB license)
  Amazon S3 Log Ingestion (requires a Cortex XDR Pro per TB license)
  Workday Reports Data Ingestion (requires a Cortex XDR Pro per TB license)
  ServiceNow CMDB Data Ingestion (requires a Cortex XDR Pro per TB license)
  Windows DHCP Example File Available in the User Interface (requires a Cortex XDR Pro per TB license)

Analytics
  Analytics Alert Causality View Enhancement (requires a Cortex XDR Pro license)
  Multi-Severity for Analytics BIOC Rules (requires a Cortex XDR Pro license)

Endpoint Protection
  Enhancements to the Cortex XDR Host Firewall (requires a Cortex XDR agent 7.5 or a later release for Windows)
  Network Packet Inspection Engine (requires a Cortex XDR agent 7.5 or a later release for Windows)
  Improved Security Content (requires a Cortex XDR agent 7.5 or a later release)
  Separate Actions for Files Unknown to WildFire and Files with Benign LC Score (requires a Cortex XDR agent 7.5 or a later release for Windows)
  Quarantine Malicious ELF Files (requires a Cortex XDR agent 7.5 or a later release for Linux)
  Configurable Device Control Enforcement Pop-Up Message (requires a Cortex XDR agent 7.5 or a later release for Windows)
  Improved Logs Protection (requires a Cortex XDR agent 7.5 or a later release for Linux)
  Support for Azure-based Virtual Environments (requires a Cortex XDR agent 7.5 or a later release for Windows)
  Extending Gatekeeper Protection to Bundles (requires a Cortex XDR agent 7.5 or a later release for Mac)
  Audit Log for Unauthorized Agent Shutdown (requires a Cortex XDR agent 7.5 or a later release for Mac)
  Simplified Network Bandwidth Allocation for Security Content Updates
  Gradual Rollout for Automatic Agent Upgrades

Broker VM
  New FTP Collector in the Broker VM (requires a Cortex XDR Pro per TB license)
  New Files and Folder Collector in the Broker VM (requires a Cortex XDR Pro per TB license)
  New Database Collector in the Broker VM (requires a Cortex XDR Pro per TB license)
  New NetFlow Collector in the Broker VM (requires a Cortex XDR Pro per TB license)
  Enhanced WEC Certificates Renewal Mechanism (requires a Cortex XDR Pro per TB license)

API
  Get Violations API Enhancements
  Get Incident API Enhancement
  New Incident Resolved Statuses
  Incident ID Enhancement for Action APIs

Managed Threat Hunting
  Managed Threat Hunting Communication and Tracking Enhancements

 

New Cortex XDR Agent 7.5 Features for August 2021*

 

From Improved Security Content to the New Comprehensive Forensics Add-On, Cortex XDR Agent 7.5 has its own long list of new features.

 

*Information reprinted from the Cortex XDR Agent 7.5 Release notes page.

 

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Mac, and Linux endpoints:
  Improved Security Content
  Simplified Network Bandwidth Allocation for Security Content Updates
  Gradual Rollout for Automatic Agent Upgrades
  Granular Exceptions for BTP Alerts
 

Windows Features

The following features were added to Cortex XDR agents running on Windows endpoints:
  New Comprehensive Forensics Add-On (requires a Forensics add-on license and a Cortex XDR agent 7.4 or later)
  Enhancements to the Cortex XDR Host Firewall
  Network Packet Inspection Engine
  Separate Actions for Files Unknown to WildFire and Files with Benign LC Score
  Configurable Device Control Enforcement Pop-Up Message
  Support for Azure-based Virtual Environments
  Microsoft Exchange Vulnerability Protection (requires PTU 193-68672, or PTU 194-68995 and later)
 

Mac Features

The following features were added to Cortex XDR agents running on Mac endpoints:
  Extending Gatekeeper Protection to Bundles
  Audit Log for Unauthorized Agent Shutdown
 

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:
  Cortex XDR Agent for Kubernetes Hosts (requires a Cortex XDR Cloud per Host license)
  Quarantine Malicious ELF Files
  Improved Logs Protection

 

 

More Info

Please find the full details on the Cortex XDR Management 3.0 release notes and the Cortex XDR Agent 7.5 release notes pages.

 

For more information about Cortex XDR, please see the LIVEcommunity Cortex XDR page for a complete Customer Journey Guide, events, webinars, videos, and discussions dedicated to Cortex XDR.

 

 

Thanks for taking the time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line