Monitor Agent Operational Status
From the Cortex XDR management console, you have full visibility into the Cortex XDR agent operational status on the endpoint, which indicates whether the agent is providing protection according to its predefined security policies and profiles. By observing the operational status on the endpoint, you can identify when the agent may suffer from a technical issue or misconfiguration that interferes with the agent’s protection capabilities or interaction with Cortex XDR and other applications. The Cortex XDR agent reports the operational status as follows:
- Protected—Indicates that the Cortex XDR agent is running as configured and did not report any exceptions to Cortex XDR.
- Partially protected—Indicates that the Cortex XDR agent reported one or more exceptions to Cortex XDR.
- Unprotected—(Linux only) Indicates the Cortex XDR agent was shut down.
You can monitor the agent
. If the
Operational Statusfield is missing, add it.
The operational status that the agent reports varies according to the exceptions reported by the Cortex XDR agent.
Windows, Mac, and Linux) Indicates all protection modules are running as configured on the endpoint.
Windows, Mac, and Linux:
Status can have the following implications on the endpoint:
Recommended For You
Recommended videos not found.