Cortex
Endpoint Agent License Allocation

Cortex XDR regulates agent licenses according to the available license quota and revocation clean-up policy.
Cortex
XDR
regulates agent licenses according to the available license quota and revocation policy.

Enforcement of
Cortex
XDR
Pro per Endpoint Licenses

For the
Cortex
XDR
Pro per Endpoint license,
Cortex
XDR
limits the number of Pro agents and associated Pro capabilities to the number of agents allocated by the license. Pro agent features include:
  • Enhanced Data Collection on the endpoint
  • Remediation analysis
  • Host Insights including Vulnerability Assessment, Host Inventory, and File Search and Destroy
You can further refine the endpoints on which you enable Pro features in your agent settings profiles.
To view the Pro per Endpoint license status for specific endpoints, see View Details About an Endpoint.
If an endpoint requires a Pro per Endpoint license, and you’ve exceeded the number of available Pro per Endpoint licenses, one of your surplus Cloud per Host licenses is automatically consumed as a Pro per Endpoint license for the endpoint.
Pro per Endpoint licenses can be allocated for Cloud virtual machines up to Pro per Endpoint license capacity. To protect a Kubernetes or similar container orchestrator endpoint,
Cortex
XDR
requires a Cloud per Host license.
After utilizing all available Pro per Endpoint and Cloud per Host licenses,
Cortex
XDR
falls back to a
Cortex
XDR
Prevent policy that protects the endpoint but does not include Pro-specific capabilities.
When you exceed the permitted number of Pro and Cloud agents,
Cortex
XDR
displays a notification in the notification area.
Cortex
XDR
permits a small grace over the permitted number but begins enforcing the number of agents after 14 days. If additional Pro agents are required, increase your
Cortex
XDR
Pro per Endpoint license capacity.

Enforcement of
Cortex
XDR
Cloud per Host Licenses

Kubernetes and other container orchestrator endpoints require
Cortex
XDR
Cloud per Host licenses.
Cortex
XDR
auto-identifies if a host is running a container orchestrator and assigns the Cloud per Host license accordingly.
When the Pro per Endpoint license allocation is exceeded, Cloud per Host licenses are consumed as Pro per Endpoint Licenses.

Endpoint License Revocation

With
Cortex
XDR
Prevent and
Cortex
XDR
Pro per Endpoint licenses,
Cortex
XDR
manages licensing for all endpoints in your organization. Each time you install a new
Cortex
XDR
agent on an endpoint, the
Cortex
XDR
agent registers with
Cortex
XDR
to obtain a license. In the case of non-persistent VDI, the
Cortex
XDR
agent registers with
Cortex
XDR
as soon as the user logs in to the endpoint.
Cortex
XDR
issues licenses until you exhaust the number of license seats available.
Cortex
XDR
also enforces a license cleanup policy to automatically return unused licenses to the pool of available licenses. The time at which a license returns to the license pool depends on the type of endpoint:
Endpoint Type
License Return
Agent Removal from
Cortex
XDR
console
Agent Removal from
Cortex
XDR
Database
Standard and mobile devices
After 30 days
After 180 days
After 180 days
(Non-Persistent) VDI and Temporary Session
Immediately after log-off for VDI, otherwise after 90 minutes
After 6 hours
After 7 days
After a license is revoked, if the agent connects to
Cortex
XDR
, reconnection will succeed as long as the agent has not been deleted.
If a deleted agent tries to connect to
Cortex
XDR
during the 180 days period, the agent can resume connection and maintain its agent ID. After the 180 days period, the agent ID is deleted alongside all the associated data. In order to reconnect the agent, you must use Cytool to reconnect it or reinstall it on the endpoint, and the agent will be assigned a new ID and a fresh start.
It can take up to an hour for
Cortex
XDR
to display revived endpoints.

Recommended For You