Open Remote Terminal

Cortex XDR allows you to remotely connect to a broker VM directly from the Cortex XDR console.
  1. Navigate to Cortex XDR app > gear icon > Settings > Broker > VMs table.
  2. Locate the broker VM you want to connect to, right-click and select Open Remote Terminal.
    Cortex XDR opens a CLI window where you can perform the following commands:
    • Logs
      Broker VM logs are located in the /data/logs/ folder and contain the applet name in the file name. For example, the folder /data/logs/[applet name] contains container_ctrl_[applet name].log.
    • Ubuntu Commands
      Cortex XDR Broker VM supports all Ubuntu commands. For example, telnet 10.0.0.10 80 or ifconfig -a.
    • Sudo Commands
      Cortex XDR requires that you use the following values when running commands:
      Applet Names
      • Agent Proxy—tms_proxy
      • Syslog Collector—anubis
      • WEC—wec
      • Network Mapper—network_mapper
      • Pathfinder—odysseus
      Services
      • Upgrade—zenith_upgrade
      • Frontend service—webui
      • Sync with Cortex XDR—cloud_sync
      • Internal messaging service (RabbitMQ)—rabbitmq-server
      • Uploads metrics to Cortex XDR—metrics_uploader
      • Prometheus node exporter—node_exporter
      • Backend service—backend
      | Command | Description | Example |
      | --- | --- | --- |
      | applets_restart | Restarts one or more applets. | > sudo applets_restart wec |
      | applets_start | Starts one or more applets. | > sudo applets_start wec |
      | applets_status | Checks the status of one or more applets. | > sudo applets_status wec |
      | applets_stop | Stops one or more applets. | > sudo applets_stop wec |
      | services_restart | Restarts one or more services. OS services are not supported. | > sudo services_restart cloud_sync |
      | services_start | Starts one or more services. | > sudo services_start cloud_sync |
      | services_status | Checks the status of one or more services. | > sudo services_status cloud_sync |
      | services_stop | Stops one or more services. | > sudo services_stop cloud_sync |
      | set_ui_password.sh | Changes the password of the Broker VM Web UI. Run the command, then enter the new password followed by Ctrl+D. | > sudo set_ui_password.sh |
      | tcpdump | Linux command for capturing network traffic. You must use the -w flag in order to print output to file. | > sudo tcpdump -i eth0 -w /tmp/packets.pcap |
      | kill | Linux kill command. | > sudo kill [some pid] |
      | route | Modify your IP address routing. | /sbin/route |
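
A triage helper for the remote terminal, added here as an example and not Palo Alto Networks code: it accepts only the applet names listed above, runs applets_status when that command is available, and counts recent error lines in the applet's container_ctrl log. The function names, the LOG_ROOT override and the "error" search pattern are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Applet names and log layout come from this page;
# function names, the LOG_ROOT override and the 'error' pattern are assumptions.
LOG_ROOT="${LOG_ROOT:-/data/logs}"
APPLETS="tms_proxy anubis wec network_mapper odysseus"

# Succeed only for an applet name documented on this page.
is_known_applet() {
    for a in $APPLETS; do
        if [ "$a" = "$1" ]; then return 0; fi
    done
    return 1
}

# Print <LOG_ROOT>/<applet>/container_ctrl_<applet>.log
applet_log_path() {
    printf '%s/%s/container_ctrl_%s.log\n' "$LOG_ROOT" "$1" "$1"
}

# Count lines containing "error" (any case) in the last N lines (default 200).
recent_error_count() {
    log=$(applet_log_path "$1")
    [ -r "$log" ] || return 1
    tail -n "${2:-200}" "$log" | grep -ci 'error' || true
}

# Reject unknown names before anything reaches sudo, then report status and log.
triage_applet() {
    if ! is_known_applet "$1"; then
        echo "unknown applet: $1" >&2
        return 2
    fi
    # Assumes applets_status is on PATH on the broker VM; skipped elsewhere.
    if command -v applets_status >/dev/null 2>&1; then
        sudo applets_status "$1"
    fi
    if n=$(recent_error_count "$1" "$2"); then
        echo "$1: $n error line(s) in $(applet_log_path "$1")"
    else
        echo "$1: cannot read $(applet_log_path "$1")"
    fi
}

# Usage on the broker VM: sh triage.sh wec
if [ "$#" -gt 0 ]; then triage_applet "$@"; fi
```

A service name such as cloud_sync is rejected by design, because the services_* commands take a different set of names than the applets_* commands.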
