# Cortex XDR Further Extends Network Visibility and Endpoint Control

By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown), Apr 22, 2020

![This conceptual image illustrates the concepts of the extended network visibility and endpoint control in Cortex XDR 2.2.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/04/Cortex-fire.png)

Threat hunting and response across data sources just got a little easier. Cortex XDR application and agent releases in March and April introduce an amazing array of new features to help your security team identify threats in network traffic, orchestrate response at scale and reduce the attack surface of their endpoints. With so many new features, where do we begin? Let's start with the network viewpoint.

#### **Enhanced Network Visibility**

Since its inception, Cortex XDR could [collect network data](https://www.paloaltonetworks.com/blog/2020/03/cortex-busted-by-cortex-xdr/) and [apply behavioral analytics and AI to uncover attacks](https://www.paloaltonetworks.com/blog/2020/03/cortex-ai/). Now, Cortex XDR extends direct access to network data for threat hunting and custom detection rules. With Cortex XDR, you can:

* Hunt for threats or further investigations by [exploring network traffic logs](https://www.paloaltonetworks.com/blog/2020/02/cortex-network-traffic-analysis/).
* Create granular custom detection rules (BIOCs) based on network data.
* Quickly determine the sequence and scope of an attack by reviewing network and endpoint data together in a new investigation view.

![The new investigation view in Cortex XDR 2.2 displays both network and endpoint context in one place, when both types of data are available.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/04/workgroup.png)

The Network Causality investigation view displays both network and endpoint context in one place, when both types of data are available. It reveals the endpoint activity for multiple hosts involved in an attack, simplifying analysis of adversary techniques.

#### **Cortex XDR Agent Script Execution and More**

There are times when your analysts may need to perform sweeping actions across multiple endpoints at once. Whether collecting endpoint information, updating settings or immediately stopping fast-spreading attacks, remote script execution provides your team a powerful tool to manage endpoints.

With Cortex XDR agent 7.1 for Windows, macOS, and Linux, you can run Python 3.7 scripts from the Cortex XDR management console and instantly see the results. A new API allows you to execute Python scripts from management and orchestration tools such as Cortex XSOAR. Out-of-the-box scripts make it easy for your team to take advantage of this powerful new feature.

![A screenshot of the management console in Cortex XDR 2.2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/04/define-action.png)

Your analysts can easily upload and run scripts from the Cortex XDR management console.

Cortex XDR agent 7.1 also introduces important new features that secure your endpoints, address compliance requirements and make it easier than ever for you to replace your legacy antivirus with [extended detection and response](https://www.paloaltonetworks.com/blog/2019/12/cortex-what-is-xdr/). New endpoint security features include:

* A host firewall for Windows endpoints.
* Disk encryption for Windows endpoints.
* File scanning for macOS endpoints.
* MAC address reporting.
* Full visibility into agent operational status.

#### **MITRE ATT&CK Tagging for Alerts and BIOC Rules**

To help your analysts understand attackers' methods and objectives at each stage of an attack, Cortex XDR now displays the associated MITRE ATT&CK technique and tactic for every alert that relates to the MITRE ATT&CK framework.

![A screenshot of the dashboard that displays the top MITRE ATT&CK techniques and tactics associated with Cortex XDR alerts.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/04/mitre.png)

A new dashboard displays the top MITRE ATT&CK techniques and tactics associated with Cortex XDR alerts.

#### **Granular Role-Based Access Control (RBAC)**

For fine-grained control of individual permissions assigned to users and roles, Cortex XDR now separates what type of views and actions are permitted for each role.
Roles are defined in the hub and allow customers to create and save new roles based on a broad set of permissions, edit role permissions, and more.

#### **Alert and Log Forwarding from Cortex XDR**

You can configure forwarding policies for alerts, management audit logs, agent audit logs and dashboard reports from the Cortex XDR application. You can also now forward alerts to Slack channels and Syslog servers, in addition to email accounts, and forward audit logs to Syslog servers.

#### **Broker VM Enhancements**

To ease the [deployment of the Broker VM](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-broker-vm.html), you can download the Broker VM images directly from the Cortex XDR management console. The registration and configuration are managed through the following web consoles:

* **Broker web console:** You can configure and register the Broker VM to Cortex XDR from the web console without needing to access the Broker VM directly.
* **Cortex XDR management console:** You can manage Broker VM settings through the Cortex XDR management console, including tracking connectivity, editing configurations and enabling realtime monitoring.

#### **Improved Manageability for MSSPs**

Cortex XDR now allows Managed Security Services Providers (MSSPs) to easily manage security on behalf of their clients. MSSPs can now:

* Configure profiles, behavioral alert (BIOC) rules, exclusions and starred alerts for each child tenant.
* View alerts, incidents, causality cards and timelines of child tenants from the parent tenant.
* Run investigation queries on child tenants from the parent tenant.

The above features are available with the Cortex XDR agent release 7.1 and later and with Cortex XDR version 2.2 and later.

In addition to the features listed above, Cortex XDR includes updates that improve usability, simplify tuning and deployment, enhance APIs, and accelerate analysts' tasks.
For a complete list of new features introduced in March and April, see the [Cortex XDR release notes](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2020.html#iddb59f5e7-aac3-4e46-a08d-ab6f7a304416) and the [Cortex XDR agent release notes](https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-1/cortex-xdr-agent-release-notes/cortex-xdr-agent-release-information/features-introduced-in-cortex-agent.html).