Install the Traps Agent for Mac - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Traps Agent Administrator Guide
Product
Cortex XDR
Cortex XDR Agent
Version
5.0
Creation date
2022-09-01
Last date published
2023-01-04
Category
Administrator Guide

Before installing Traps on a Mac endpoint, verify that the system meets the requirements described in Traps for Mac Requirements.

Install Traps using a software distribution tool of your choice (such as JAMF) or using the following workflow:

  1. Download the installation package you want to install from the Traps management service.

  2. Copy the installation package to the endpoint on which you want to install the Traps software.

  3. Unzip the installation package.

  4. Configure a Traps specific proxy on the endpoint (Requires Traps agent 5.0.9 supported by Cortex XDR only) .

    If you are deploying Traps in an environment where Traps agents communicate with the Cortex XDR server through a proxy, you must assign the proxy IP address and port number during the Traps agent installation on the endpoint.

    1. Locate the Config.xml file in the unzipped installation folder.

    2. Edit the <proxy_list><proxyserver>:<port></proxy_list> tag.

      • To install a Traps agent with a Traps specific proxy, enter your proxy IP address and port number. You can assign up to five different proxies per agent, and the proxy for communication is selected randomly with equal probability.

        <proxy_list>10.196.20.244:8080,10.196.20.245:8080</proxy_list>

      • To install a Traps agent communicating through the Palo Alto Networks Broker Service, you must enter the broker VM IP address and port number 8888 only.

    3. After the initial installation, you can change the proxy settings in Traps management serviceEndpoints.

  5. Install the Traps software.

    1. Unzip the installation package and run the Traps.pkg installation file.

    2. Click Continue to proceed with the installation.

    3. If prompted to confirm the destination, click Continue.

    4. Click Install to begin the installation.

    5. Enter the User Name and Password of the administrator with access to install software on the endpoint, and then click Install Software.

    6. Allow Traps to install system extensions:

      1. Dismiss the System Extension Blocked warning.

      2. Go to System PreferencesSecurity & PrivacyGeneral and select Allow.

    Traps logs any installation errors to /var/logs/installation.log. If installation fails for any reason, you can view this log to better understand the cause of the installation failure.

  6. After the installation completes, verify your connection.

    1. To open the Traps console, click the Traps icon in the menu bar, and select Open Console.

    2. Click Check In Now to initiate a connection with your tenant of the Traps management service. If successful, the Last Check-In field updates to display the recent check-in date and time.

      Note

      If the Traps agent cannot register with the Traps management service, the agent does not retry registration. To retry, reinstall the Traps agent on the endpoint.