If you enabled access to the agent console, click the Cortex
XDR agent icon in the menu bar, and select
View status information about the Cortex XDR agent:
—Displays the agent
—Displays the active policies
On Mac endpoints running macOS 10.15.4, the agent console
indicates the status of both Malware and Exploit modules on the
endpoint.
—Displays the connection
status and, if connected, includes the server to which the agent
—Displays the local time
on the endpoint of the last check-in with the server.
Manually connect to the server.
The agent periodically communicates with the server to
send status information and retrieve the latest security policy.
The agent performs this operation transparently at regular intervals
so it is not typically necessary to connect to the server manually.
, you can manually retry your connection. This
option is available if you do not want to wait for the automated
communication interval to begin.
To initiate a manual check-in
with the server: On the home page of the Cortex XDR agent console,
Check In Now
. If the agent successfully
establishes a connection with the server, the
changes to indicate the service to which the agent is connected.
Collect and view logs.
to collect Cortex XDR logs. After the Cortex XDR
agent aggregates the logs, you can inspect or send them as needed.
The logs can help you analyze any recent security events or Cortex
XDR issues that you encounter. For remote endpoints, you can also
retrieve logs from the Action Center.
Open Log File
logs generated by the agent. The logs display in your default text
editor in chronological order with the most recent logs at the bottom.
View recent security events that occurred on your endpoint.
For each event, the agent console displays the local
event occurred, the name of the
exhibited malicious behavior, the
triggered the event, and the mode specified for the type of event
(Termination or Notification).
View protected processes on the
tab of the agent
console displays all running processes in which the Cortex XDR agent
is injected to prevent malicious execution or behavior. The agent
console also indicates the process ID (PID) associated with each