Cortex XDR License Allocation
Cortex XDR regulates agent licenses according to the
available license quota and revocation clean-up policy.
Enforcement of Cortex XDR Pro Agent Licenses
For the Cortex XDR Pro per Endpoint license, Cortex
XDR limits the number of Pro agents and associated Pro capabilities
to the number of agents allocated by the license. Pro agent features
include:
- Enhanced Data Collection on the endpoint
- Remediation analysis
- Host Insights including Vulnerability Assessment, Host Inventory, and File Search and Destroy
You can further refine the endpoints on which you enable Pro
features in your agent settings profiles.
After utilizing all available Pro licenses, Cortex XDR falls
back to a Cortex XDR Prevent policy that protects the endpoint but
does not include Pro-specific capabilities. When you exceed the
permitted number of Pro agents, Cortex XDR displays a notification
in the notification area. Cortex XDR permits a small grace over
the permitted number but begins enforcing the number of agents after
14 days. If additional Pro agents are required, increase your Cortex
XDR Pro per Endpoint license capacity.
To view the Pro license status for specific endpoints, see the View Details About an Endpoint.
License Revocation
License Revocation
With Cortex XDR Prevent and Cortex XDR Pro per Endpoint
licenses, Cortex XDR manages licensing for all endpoints in your
organization. Each time you install a new Cortex XDR agent on an
endpoint, the Cortex XDR agent registers with Cortex XDR to obtain
a license. In the case of non-persistent VDI, the Cortex XDR agent
registers with Cortex XDR as soon as the user logs in to the endpoint.
Cortex XDR issues licenses until you exhaust the number of license
seats available. Cortex XDR also enforces a license cleanup policy
to automatically return unused licenses to the pool of available licenses.
The time at which a license returns to the license pool depends
on the type of endpoint:
Endpoint Type | License Return | Agent Removal from Cortex XDR console | Agent Removal from Cortex XDR Database |
---|---|---|---|
Standard and mobile devices | After 30 days | After 180 days | After 180 days |
(Non-Persistent) VDI and Temporary Session | Immediately after log-off for VDI, otherwise
after 90 minutes | After 6 hours | After 7 days |
After a license is revoked, if the agent connects to Cortex XDR,
reconnection will succeed as long as the agent has not been deleted.
After an agent is deleted, the agent ID and all the relevant
agent data are deleted from the Cortex XDR database. If the agent
connects to Cortex XDR after it was deleted from the database, the agent
is assigned a new ID and a fresh start.
It can take up to an hour for Cortex XDR to display revived
endpoints.
Recommended For You
Recommended Videos
Recommended videos not found.