- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Palo Alto Networks releases Cortex XDR 2.2. Read about the new features available in Cortex XDR 2.2, including Incident, Agent Management, and Global Improvements. See how these features can help keep your network secure. Find answers on LIVEcommunity.
There were a lot of new features for Cortex XDR 2.2 introduced in March.
The following table describes the features released in March 2020.
FEATURE | DESCRIPTION |
Incident Management |
|
Injection Events |
You can now easily view more information about injector and injected processes directly from the Causality View and Query Center Results table without the need to navigate between tabs.
|
Rule Visibility for BIOC and IOC Alerts | You can now easily view the BIOC or IOC rules that generated alerts directly from the Alerts table without the need to open a new tab. In the Causality View of the alert or incident, right-click an alert row in the Events table and select View generating rule. |
Windows Event Log Enhancements | You can now run a query, investigate an event, and create BIOC rules for Windows Event Log data. |
New Alert Table Fields | The Alerts table has been enhanced with additional fields to help you filter and manage your alerts:
|
Causality View Event Enhancements | To enable easier navigation taking action more quickly during investigation within the Cortex XDR management console, Behavioral Threat Protection has been enhanced so that you can quickly whitelist, blacklist, terminate, and quarantine a process. |
Agent Management |
|
Alert Action Enhancements | You can easily create a profile exception directly from the Alerts table without the need to open a new tab. If no Exception profile exists it will allow you to create a new exception. |
Action Center Static Filters | To help you filter relevant endpoints when initiating a new action, Cortex XDR now provides a static filter on the endpoints table that applies to the targets defined in your action. When navigating to Response Action Center +New Action, in the Target step, the Endpoints table displays only endpoints that are eligible for the action you want to perform. |
Management Features |
|
Device Control Configuration Enhancements | You now have the ability to manually insert the Vendor and Product ID in hexadecimal code when you add a Device Control Profile. |
MITRE ATT&CK Tagging for Alerts and BIOC Rules | To help you better manage and get more insights into the types of Alerts and BIOC rules, you can now view the associated MITRE ATT&CK Technique and MITRE ATT&CK Tactic fields. |
Auto-Disable of BIOC Rules | To ensure your BIOC rules raise alerts efficiently and do not overcrowd your Alerts table, Cortex XDR now automatically disables any BIOC rules that reach 5000 or more hits over a 24 hour period. BIOC rules that trigger 5000 or more alerts can indicate that the BIOC rule is too general and that you should refine the rule configuration. |
Global Improvements |
|
Enhanced Network Visibility |
To provide a more complete and comprehensive summary of processes and activity surrounding a security event, Cortex XDR now stitches together firewall network logs and raw endpoint data. Cortex XDR uses the stitched data to visually depict the source and destination of security processes and connections made over the network. With enhanced network visibility, you can:
|
Granular Role-Based Access Control |
To help you better manage user access permissions in Cortex XDR, RBAC configurations now separate what type of views and actions are permitted for each role. Roles are defined in the hub and allow you to:
|
In-App Configuration of Alert and Log Forwarding |
To help you stay up-to-date and informed with alerts and logs that matter to you most, Cortex XDR now expands alert notifications to include management audit logs, agent audit logs, and dashboard reports. In addition to forwarding alerts to email accounts, you can now forward alerts to Syslog servers and Slack channels
|
Managed Security Improvements |
Cortex XDR managed security allows Managed Security Services Providers (MSSP) to easily manage security on behalf of their clients. You can now:
|
Cortex XDR License Notifications | To keep you informed of updates made to your license and avoid service disruptions, Cortex XDR now displays a notification of changes made to your license when you log in. If any actions are required from you. |
Broker VM Enhancements |
To ease the deployment of Broker VM, the broker VM images are now available directly from the Cortex XDR console. The registration and configuration are managed through web consoles:
|
Content Roll-out Control |
To allow you better control of the security content in your environment, Cortex XDR now allows you to:
The settings can be assigned to specific targets using the policy rules. |
Public APIs |
|
API Response Enhancements |
When running the following APIs, the true response has been replaced with an action-_id field - {"reply": {"action_id": X} |
New Public APIs for Endpoint and Agent Management |
Using new Cortex XDR APIs, you can retrieve and manage incidents, endpoints, agents, and installation packages in your environment. The following API capabilities have been added: |
In addition to the new features listed above, Customers can also view Cortex XDR 2.2 new feature videos.
Stay up to date and bookmark the TechDocs page on Cortex XDR Release Notes.
Thanks for taking time to read the blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.
Stay Secure,
Kiwi out!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
5 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
2 Likes |
User | Likes Count |
---|---|
10 | |
2 | |
2 | |
2 | |
1 |