Manage Agent Tokens

You can manage tokens per agent to retrieve the password used to run functions at the agent.
You can now run some of the agent functions that require administrative passwords using a unique token shared between
Cortex
XDR
server and
Cortex
XDR
agent.
There are two types of tokens that can be set.
  • Rolling token
    —this token is automatically generated per endpoint every fourteen days by the system and then sent to the relevant agent.
  • Temporary token
    —this token enables you to set a temporary token which is valid anywhere from one to twenty-one days.
    Agent token is supported from
    Cortex
    XDR
    server version 3.3 and
    Cortex
    XDR
    agent version 7.7.1. It is only supported for Windows and Mac.
  1. View agent password.
    You can view the password of the selected agent. Whether the password is from a rolling token or temporary token is indicated in the dialog.
    1. Select
      Endpoints
      All Endpoints
      Endpoint Control
      View Token
      .
    2. Click the copy button to copy the password displayed and then click
      Ok
      .
    You can now use the password to run functions at the agent.
  2. Add temporary token.
    You can generate a temporary token for any of the agents for a specified number of days between one to twenty-one days. If the agent is disconnected, it gets the temporary token when the agent connects.
    You can select a single or many endpoints at once to add a temporary token.
    1. Select
      Endpoints
      All Endpoints
      Endpoint Control
      Set Temporary Token
      .
    2. In the
      Token Expiration
      field, add the number of days for which to generate a temporary token for the agent and then click the
      Add Token Expiration
      blue arrow.
    3. Click the copy button to copy the password displayed and then click
      Create
      to begin generating the token.
    4. Go to the
      Action Center
      to view which agent received the temporary token.
    You can now use the password to run functions at the agent.
  3. Retrieve token using token hash from the endpoint.
    If the endpoint is disconnected from the server at the point the rolling token was updated, it won’t be possible to run agent functions with the updated token from the server. You can still retrieve the password to run functions at the agent.
    1. From the agent, run the cytool.exe to run the
      token query
      command. This command displays the current token of the endpoint.
    2. Copy the token from the command line interface of the agent.
    3. In the server, at the top of the page, click the
      Retrieve Token
      button.
    4. In the
      Retrieve Token
      dialog, in the
      Hash
      field, paste the token that you copied from the endpoint.
    5. Click the copy button to copy the password displayed and then click
      Ok
      .
      You can now use the password to run functions at the agent.

Recommended For You