Use the Cortex XDR Agent for Mac

  • Open the Cortex XDR Agent application.
    Use one of the following methods:
    • Browse to the Traps folder in Finder.
    • If you enabled access to the agent console, click the Cortex XDR agent icon in the menu bar, and select
      Open Console
      .
  • View status information about the Cortex XDR agent:
    • Version
      —Displays the agent version.
    • Protection
      —Displays the active policies in bold.
    • Connection
      —Displays the connection status and, if connected, includes the server to which the agent is connected.
    • Last Check-in
      —Displays the local time on the endpoint of the last check-in with the server.
  • Manually connect to the server.
    The agent periodically communicates with the server to send status information and retrieve the latest security policy. The agent performs this operation transparently at regular intervals so it is not typically necessary to connect to the server manually. If your
    Connection
    status is
    Not Connected
    , you can manually retry your connection. This option is available if you do not want to wait for the automated communication interval to begin.
    To initiate a manual check-in with the server: On the home page of the Cortex XDR agent console, click
    Check In Now
    . If the agent successfully establishes a connection with the server, the
    Connection
    status changes to indicated the service to which the agent is connected.
  • Collect and view logs.
    • Collect logs
      Generate Support File
      to collect Cortex XDR logs. After the Cortex XDR agent aggregates the logs, you can inspect or send them as needed. The logs can help you analyze any recent security events or Cortex XDR issues that you encounter. For remote endpoints, you can also retrieve logs from the Action Center.
    • View logs—Click
      Open Log File
      to view logs generated by the agent. The logs display in your default text editor in chronological order with the most recent logs at the bottom.
  • View recent security events that occurred on your endpoint.
    For each event, the agent console displays the local
    Time
    an event occurred, the name of the
    Process
    that exhibited malicious behavior, the
    Module
    that triggered the event, and the mode specified for the type of event (Termination or Notification).
  • View protected processes on the Mac endpoint.
    The
    Protection
    tab of the agent console displays all running processes in which the Cortex XDR agent is injected to prevent malicious execution or behavior. The agent console also indicates the process ID (PID) associated with each process.
  • Configure proxy communication.
    The agent can communicate with Cortex XDR using the system proxy server that you define for the endpoint. For information on How to Enter Proxy Settings, see the documentation for your Mac operating system version. If you prefer to use an application proxy, configure a Cortex XDR agent specific proxy.

Recommended For You