![\"This](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/Cortex-fire.png\")
<\/span><\/div><\/p>\nThreat hunting and response across data sources just got a little easier. Cortex XDR application and agent releases in March and April introduce an amazing array of new features to help your security team identify threats in network traffic, orchestrate response at scale and reduce the attack surface of their endpoints.\u00a0<\/span><\/p>\n With so many new features, where do we begin? Let\u2019s start with the network viewpoint.<\/span><\/p>\n <\/p>\n Since its inception, Cortex XDR could <\/span>collect network data<\/span><\/a> and <\/span>apply behavioral analytics and AI to uncover attacks<\/span><\/a>. Now, Cortex XDR extends direct access to network data for threat hunting and custom detection rules. With Cortex XDR, you can:<\/span><\/p>\n There are times when your analysts may need to perform sweeping actions across multiple endpoints at once. Whether collecting endpoint information, updating settings or immediately stopping fast-spreading attacks, remote script execution provides your team a powerful tool to manage endpoints.\u00a0<\/span><\/p>\n With Cortex XDR agent 7.1 for Windows, MacOS, and Linux, you can run Python 3.7 scripts from the Cortex XDR management console and instantly see the results. A new API allows you to execute Python scripts from management and orchestration tools such as Cortex XSOAR. Out-of-the-box scripts make it easy for your team to take advantage of this powerful new feature.<\/span><\/p>\n Cortex XDR agent 7.1 also introduces important new features that secure your endpoints, address compliance requirements and make it easier than ever for you to replace your legacy antivirus with <\/span>extended detection and response<\/span><\/a>. New endpoint security features include:<\/span><\/p>\n <\/p>\n To help your analysts understand attackers\u2019 methods and objectives at each stage of an attack, Cortex XDR now displays the associated MITRE ATT&CK technique and tactic for every alert that relates to the MITRE ATT&CK framework. <\/span><\/p>\n For fine-grained control of individual permissions assigned to users and roles, Cortex XDR now separates what type of views and actions are permitted for each role. Roles are defined in the hub and allow customers to create and save new roles based on a broad set of permissions, edit role permissions, and more.\u00a0<\/span><\/p>\n <\/p>\n You can configure forwarding policies for alerts, management audit logs, agent audit logs and dashboard reports from the Cortex XDR application.\u00a0You can also now forward alerts to Slack channels and Syslog servers, in addition to email accounts, and forward audit logs to Syslog servers.<\/span><\/p>\n <\/p>\n To ease the<\/span> deployment of the Broker VM<\/span><\/a>, <\/span>you can download the Broker VM images directly from the Cortex XDR management console. The registration and configuration are managed through the following web consoles:<\/span><\/p>\n <\/p>\n Cortex XDR now allows Managed Security Services Providers (MSSPs) to easily manage security on behalf of their clients. MSSPs can now:<\/span><\/p>\n The above features are available with the Cortex XDR agent release 7.1 and later and with Cortex XDR version 2.2 and later.\u00a0 In addition to the features listed above, Cortex XDR includes updates that improve usability, simplify tuning and deployment, enhance APIs, and accelerate analysts\u2019 tasks. For a complete list of new features introduced in March and April, see the<\/span> Cortex XDR release notes<\/span><\/a>\u00a0and the Cortex XDR agent release notes<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":" Cortex XDR enhances network visibility and endpoint control, making threat hunting and response across data sources easier.<\/p>\n","protected":false},"author":370,"featured_media":109834,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[6737,532,6971],"coauthors":[3907],"class_list":["post-109833","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-cortex-xdr","tag-endpoint","tag-network-visibility","sec_ops_category-product-features"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/Cortex-fire.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/370"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=109833"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109833\/revisions"}],"predecessor-version":[{"id":110134,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/109833\/revisions\/110134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/109834"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=109833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=109833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=109833"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=109833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Enhanced Network Visibility\u00a0<\/b><\/h4>\n
\n
![\"The](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/workgroup.png\")
<\/span><\/div>Cortex XDR Agent Script Execution and More<\/b><\/h4>\n
![\"A](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/define-action.png\")
<\/span><\/div>\n
MITRE ATT&CK Tagging for Alerts and BIOC Rules<\/b><\/h4>\n
![\"A](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/mitre.png\")
<\/span><\/div>Granular Role-Based Access Control (RBAC)<\/b><\/h4>\n
Alert and Log Forwarding from Cortex XDR\u00a0<\/b><\/h4>\n
Broker VM Enhancements<\/b><\/h4>\n
\n
Improved Manageability for MSSPs<\/b><\/h4>\n
\n