On Nov. 1, we released Cortex XDR 2.6, the latest in a series of updates that break down security silos and cross traditional product boundaries to stop ever more sophisticated attacks. Cortex XDR 2.6 introduces a groundbreaking security search engine that combines a rich query language with a deep understanding of data to bring your investigation and threat hunting capabilities to the next level.
With XQL search, we’ve brought advanced query options – traditionally only available with log management and security information and event management (SIEM) solutions – to our detection and response platform. Now, your team can search across XDR data, merge findings from multiple data sources and explore over 800 catalogued fields to find stealthy threats. Investigations that previously required multiple queries across siloed tools can be performed in a snap with XQL search.
Hunt Down Stealthy Threats with XQL Search
With flexible XQL search, you can unearth almost any threat using a broad set of search commands and options. XQL search allows you to find adversary tactics across the attack lifecycle and hunt down stealthy attack behaviors by constructing laser-precise queries. You can also search for indicators of compromise (IoCs) in your data to reveal malicious activity that might otherwise be virtually impossible to find.
Find the Answer to Your Security Questions
To reduce response time, your team needs to quickly triage and verify alerts. With XQL search, your analysts can accelerate investigations by filtering, aggregating and editing search results. They can easily find what they’re looking for using regex and JSON syntax. They can even identify anomalies and understand the impact of attacks by reviewing past activity, including the number of events and the volume of data transfers.
Get Started Quickly with Advanced Query Features
Our new search capability puts the power of XDR data at your fingertips, but it also lets you ramp up swiftly with in-product help. It offers autocomplete predictions as you type search commands. A growing library of query examples allow you to easily execute common searches.
Visualize Search Results
If a picture is worth a thousand words, a chart is worth a thousand rows in a table. With XQL search, you can instantly understand trends and identify anomalies by reviewing pertinent statistics and charts. Simply display your XQL query results as charts or create new query-based widgets in the Cortex XDR dashboard to view graphical representations of your data.
In addition to our new XQL query language for truly accelerated threat hunting and investigations, we have also introduced:
- Google Cloud Platform log ingestion.
- Host inventory for macOS and Linux operating systems.
- New dashboard charts and widgets, including group-based widgets.
- CyberArk authentication for Pathfinder endpoint data collection.
- The ability to open the analysis view, the timeline view and other management pages in the same tab or in a new tab.
For a complete list of new features in Cortex XDR 2.6, see the Cortex XDR release notes. See Cortex XDR licenses to find out which features are available with Cortex XDR Prevent, Cortex XDR Pro per Endpoint and Cortex XDR Pro per TB.
To learn more about XQL search and other recent Cortex XDR enhancements, be sure to watch the keynote sessions at Palo Alto Networks Ignite ’20.