Create an Agent Installation Package

Learn how to create a Cortex® XDR™ agent installation package to deploy to your endpoints.
To install the Cortex XDR agent on the endpoint for the first time, you must first create an agent installation package. After you create and download an installation package, you can then install it directly on an endpoint or you can use a software deployment tool of your choice to distribute the software to multiple endpoints.
To install the Cortex XDR agent software, you must use a valid installation package that exists in your Cortex XDR management console. If you delete an installation package, any agents installed from this package are not able to register to Cortex XDR.
To create a new installation package:
  1. From Cortex XDR, select Endpoints > Endpoint Management > Agent Installations.
  2. Create a new installation package.
  3. Enter a unique Name and an optional Description to identify the installation package.
    The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.
  4. Select the Package Type.
    • Standalone Installers—Use for fresh installations and to Upgrade Cortex XDR Agents on a registered endpoint that is connected to Cortex XDR.
    • Upgrade from ESM—Use this package to upgrade Traps agents which connect to the on-premises Traps Endpoint Security Manager to Cortex XDR.
    • (Linux only) Kubernetes Installer—Use for fresh installations and upgrades of Cortex XDR agents running on Kubernetes clusters.
  5. Specify the installation package settings.
    • (Windows, macOS, and Linux) Select the Platform for which you want to create the installation package and the Agent Version for the package.
    • (Kubernetes only) Configure the settings for your YAML deployment. These settings cannot be changed after you create the installation package:
      • Select the Agent Version for the package. Enable Always deploy with latest agent version to ensure that each new node will launch the latest Cortex XDR agent release for which a YAML installation package was created. You must assign an Agent Settings Profile where Agent Auto Upgrade is enabled for this deployment method.
      • Set the Cortex XDR agent DaemonSet namespace. For simplified management, it is recommended to use the default cortex-xdr namespace.
      • For a more granular deployment, enter any labels or selectors in the Node Selector. The Cortex XDR agent will be deployed only on these nodes.
      • Configure the Cortex XDR agent to communicate through an intermediary such as a proxy or the Palo Alto Networks Broker Service. To enable the agent to direct communication to an intermediary, you use this installation option to assign the IP address and port number you want the Cortex XDR agent to use. You can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use both lowercase and uppercase letters. Avoid using special characters or spaces. Use commas to separate multiple addresses.
        The Cortex XDR agent does not support proxy communication in environments where proxy authentication is required.
      • You can configure the Cortex XDR agent to Run on master node, or Run on all nodes.
  6. Create the installation package.
    Cortex XDR prepares your installation package and makes it available on the Agent Installations page.
  7. Download your installation package.
    When the status of the package shows Completed, right-click the agent version, and click Download.
    • For Windows endpoints, select the architecture type. You can download the installer msi file only, or for Cortex XDR agents 7.4 and later, a distribution package that includes both the installer msi file and the latest content zip. The distribution package is recommended to reduce the network load and time typically required for the initial roll-out or major upgrades of the Cortex XDR agent. To understand the benefits, workflow, and requirements to support this type of deployment, refer to the Cortex XDR agent administrator guide.
    • For macOS endpoints, download the ZIP installation folder and upload it to the endpoint. To deploy the Cortex XDR agent using JAMF, upload the ZIP folder to JAMF. Alternatively, to install the agent manually on the endpoint, unzip the ZIP folder and double-click the pkg file.
    • For Linux endpoints, you can download .rpm or .deb installers (according to the endpoint Linux distribution), and deploy the installers on the endpoints using the Linux package manager. Alternatively, you can download a Shell installer and deploy it manually on the endpoint.
      When you upgrade a Cortex XDR agent version without a package manager, Cortex XDR will upgrade the installation process to package manager by default, according to the endpoint Linux distribution.
    • For Kubernetes clusters on Linux endpoints, download the YAML file. Palo Alto Networks strongly recommends that you do not edit this file.
    • For Android endpoints, Cortex XDR creates a tenant-specific download link which you can distribute to Android endpoints. When a newer agent version is available, Cortex XDR identifies older package versions as [Outdated].
  8. Next steps:
    As needed, you can return to the Agent Installations page to manage your agent installation packages. To manage a specific package, right-click the agent version, and select the desired action:
    • Edit the package name or description.
    • Delete the installation package. Deleting an installation package does not uninstall the Cortex XDR agent software from any endpoints.
      Since Cortex XDR relies on the installation package ID to approve agent registration during install, it is not recommended to delete the installation package of active endpoints. If you install the Cortex XDR agent from a package after you delete it, Cortex XDR denies the registration request, leaving the agent in an unprotected state. Hiding the installation package will remove it from the default list of available installation packages, and can be useful to eliminate confusion within the management console main view. These hidden installation packages can be viewed by removing the default filter.
    • Copy text to clipboard to copy the text from a specific field in the row of an installation package.
    • Hide installation packages. Using the Hide option provides a quick method to filter out results based on a specific value in the table. You can also use the filters at the top of the page to build a filter from scratch. To create a persistent filter, save it.
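
Because the Kubernetes settings in step 5 cannot be changed after the package is created, the package name (step 3) and the proxy list (step 5) are worth checking before they are typed into the console. The following Python is an added example, not Palo Alto Networks code: the function names, the ASCII-only reading of "letters", the IPv4-only address handling, the FQDN label rules and the rejection of embedded credentials are assumptions, and the sample values are constructed.

```python
import ipaddress
import re

# FQDN label: letters of either case, digits, inner hyphens (assumed reading
# of "avoid using special characters or spaces").
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_package_name(name):
    """Return the problems with a package name under the step 3 rule."""
    problems = []
    if not 1 <= len(name) <= 100:
        problems.append("name must be 1-100 characters")
    # Allowed: letters, numbers, hyphens, underscores, commas, spaces.
    bad = sorted(set(re.sub(r"[A-Za-z0-9\-_, ]", "", name)))
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


def check_proxy_entry(entry):
    """Return None for a usable host:port entry, else the reason it is not."""
    if any(c.isspace() for c in entry):
        return "contains spaces"
    if "@" in entry:
        return "embedded credentials (proxy authentication is not supported)"
    host, sep, port = entry.rpartition(":")
    if not sep or not host:
        return "missing host or port"
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        return "port must be 1-65535"
    if re.fullmatch(r"[0-9.]+", host):  # looks like an IPv4 address
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            return "invalid IPv4 address"
        return None
    if len(host) > 253 or not all(LABEL_RE.fullmatch(p) for p in host.split(".")):
        return "FQDN has special characters or malformed labels"
    return None


def check_proxy_list(value):
    """Map each comma-separated entry to its problem (None means usable)."""
    return {entry: check_proxy_entry(entry) for entry in value.split(",")}


# Constructed sample input, not taken from a real deployment.
SAMPLE = "10.0.0.5:8888,Proxy01.Example.internal:3128, 10.0.0.6:8888,10.0.0.300:80"
```

A name such as "Win 7.4 prod" is flagged because the period is not in the allowed character set, and a space after a comma in the proxy list is reported as a problem for that entry.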
