Using the web interface
All features and functionality are primarily delivered through the web interface. This includes the initial setup, system configuration, on-boarding and operational functions such as monitoring and reporting. A role-based access control (RBAC) system is in place to enforce the relevant access and configuration permission requirements for particular types of individual users or groups.

Web interface accessibility standard
None or don't know

How the web interface is accessible
The web interface is accessible via a subdomain of traps.paloaltonetworks.com (e.g. organisation.aperture.paloaltonetworks.com) or via apps.paloaltonetworks.com. IP whitelisting can be used to restrict access to the management web interface.

Web interface accessibility testing
N/A

API
Yes

What users can and can't do using the API
Get Incidents, Get Extra Incident Data, Update an Incident, Insert CEF Alerts, Insert Parsed Alerts, Isolate Endpoints, Un-isolate Endpoints, Get Endpoints, Get All Endpoints, Scan Endpoints, Cancel Scan Endpoints, Delete Endpoints, Get Policy, Get Device Violations, Get Distribution Version, Create Distributions, Get Distribution Status, Get Distribution URL, Get Audit Management Log, Get Audit Agent Report, Blacklist Files, Whitelist Files, Quarantine Files, Get Quarantine Status, Restore File, Retrieve File

API automation tools
Other

Other API automation tools
Python/Go modules available

API documentation
Yes

API documentation formats

Command line interface
Yes

Command line interface compatibility
Using the command line interface
The CLI is primarily used for debugging and supporting the endpoint software. It is not intended for general use.

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at . Tell them what format you need. It will help if you say what assistive technology you use.
Palo Alto Networks offers an XDR platform called Cortex XDR, packaged as two main versions. Cortex XDR Prevent provides protection for endpoints, and Cortex XDR Pro adds capabilities for networks, cloud resources, and third-party products. The basic functionalities of Cortex XDR include an app for tracking visibility and a data lake for logging. Advanced capabilities feature an analytics engine, next-generation firewalls, agents, and alerts. In this article, you will learn:
Palo Alto’s Cortex XDR is an extended detection and response platform that monitors and manages cloud, network, and endpoint events and data. Cortex XDR combines features for incident prevention, detection, analysis, and response into a centralized platform. There are two available versions of Palo Alto’s Cortex XDR security:
Both versions include alert retention for 30 days and optional extended data retention. The Pro version also includes XDR data retention for both endpoint and network data for 30 days. Check out our guide about XDR security solutions, which compares the top 10 XDR solutions offered by leading vendors, including Palo Alto, Cisco, Microsoft, McAfee, and more.

Cortex XDR Architecture
The Cortex XDR architecture varies slightly between the product versions but includes several standard components. Both editions rely on the Cortex Data Lake and are designed to correlate your log data across your devices. Basic platform components include:
Advanced platform components include:
Different XDR security solutions offer different architectures. For information about McAfee XDR or Cisco XDR, check out our in-depth guides.

Cortex XDR Key Capabilities
Cortex XDR provides several key capabilities designed to secure an organization's networks and devices.

Safeguard assets with endpoint protection
Cortex XDR provides endpoint protection against malware, fileless attacks, ransomware, and exploits. Any downloaded files are examined by an analysis engine with AI capabilities. Additionally, behavioral analysis helps identify and stop malicious data transfers or processes. Organizations can also integrate with the Palo Alto Networks WildFire malware prevention service for increased security and protection.

Securely manage USB devices
Cortex XDR includes Device Control, a feature designed to monitor and secure USB access to devices. The feature is agentless. It enables organizations to restrict device usage according to endpoint, type, vendor, or Active Directory identities. Device Control also enables organizations to limit read and write permissions according to USB device ID.

Protect endpoint data with host firewall and disk encryption
Firewalls and disk encryption protect endpoints from malicious traffic and reduce the damage done if attackers bypass firewalls. The Cortex XDR firewall provides controls for inbound and outbound communications. Disk encryption can be directly integrated with BitLocker, and organizations can encrypt and decrypt data on endpoint devices. Firewall and encryption settings are managed from the UI console.

Hunt for threats
The Cortex XDR Pro version includes optional features for managed threat hunting and features for manual hunting. Threat hunting can help uncover insider threats, targeted attacks, and hidden malware. It requires carefully searching through system and event data to identify suspicious or malicious activity.

The manual features included in Cortex XDR enable organizations to use flexible search features to identify a range of indicators of compromise (IOCs) or behavioral indicators of compromise (BIOCs). IOCs or BIOCs are threat signatures, hashes, addresses, or metadata used to identify known threats. Managed options provide 24/7 support with dedicated threat hunting experts. These hunters search through an organization's data and provide detailed threat reports on their findings.

Natively integrate with Cortex XSOAR
Cortex XSOAR (security orchestration, automation, and response) is a solution that can be integrated into Cortex XDR. SOAR solutions are designed to enable automated responses to threats, typically low-level ones, and can significantly speed up response time. The Cortex XSOAR solution enables organizations to define automation playbooks for incident response. These playbooks can be used to define actions across 370 third-party tools. Playbooks can also ingest incident data, access alerts, and update Cortex XDR incident fields.

Beyond XDR Security With Cynet's Autonomous Breach Protection
Cynet 360 is an autonomous breach protection platform that works on three levels, providing XDR, SOAR, and 24/7 MDR in one unified solution. Cynet natively integrates these three services into end-to-end, fully automated breach protection. Cynet's XDR layer includes the following capabilities:

Cynet 360 can be deployed across thousands of endpoints in less than two hours. It can be used immediately to uncover advanced threats and then perform automatic or manual remediation, disrupt malicious activity, and minimize the damage caused by attacks. Get a free trial of Cynet 360 and experience the world's only integrated XDR, SOAR, and MDR solution.