Configure Global Agent Settings
On top of customizable Agent Settings Profiles for each Operating System and different endpoint targets, you can set global Agent Configurations that apply to all the endpoints in your network.
- From Cortex XDR, select Settings > Agent Configuration.
- Set global uninstall password. The uninstall password is required to remove a Cortex XDR agent and to grant access to the agent security component on the endpoint. You can use the default uninstall password, Password1, defined in Cortex XDR or set a new one and Save. This global uninstall password applies to all the endpoints (excluding mobile) in your network. If you change the password later on, the new default password applies to all new and existing profiles to which it applied before. If you want to use a different password to uninstall specific agents, you can override the default global uninstall password by setting a different password for those agents in the Agent Settings profile.
- Configure content bandwidth allocated for all endpoints. To control the amount of bandwidth allocated in your network to Cortex XDR content updates, assign a Content bandwidth management value between 20-10,000 Mbps. To help you with this calculation, Cortex XDR recommends an optimal Mbps value based on the number of active agents in your network, including overhead considerations for large content updates. Cortex XDR verifies that agents attempting to download the content update are within the allocated bandwidth before beginning the distribution. If the bandwidth has reached its cap, the download is refused and the agents try again at a later time. After you set the bandwidth, Save the configuration.
- Configure the Cortex XDR agent auto upgrade scheduler and number of parallel upgrades. If Agent Auto Upgrades are enabled for your Cortex XDR agents, you can control the automatic upgrade process in your network:
  - Number of agents per batch—Set the number of parallel agent upgrades. The minimum is 500 agents.
  - Task scheduler—You can schedule the upgrade task for specific days of the week and a specific time range. The minimum range is four hours.
- Enable vulnerability assessment data to allow the Cortex XDR agent to collect information about applications installed on the endpoint, including CVE and installed KBs.
- Enable endpoint information to allow the Cortex XDR agent to collect information about users, groups, services, drivers, hardware, and network shares.
- Configure automated Advanced Analysis of XDR Agent alerts raised by exploit protection modules. Advanced Analysis is an additional verification method you can use to validate the verdict issued by the Cortex XDR agent. Advanced Analysis also helps Palo Alto Networks researchers tune exploit protection modules for accuracy. To initiate additional analysis you must retrieve data about the alert from the endpoint. You can do this manually on an alert-by-alert basis or you can enable Cortex XDR to automatically retrieve the files. After Cortex XDR receives the data, it automatically analyzes the memory contents and renders a verdict. When the analysis is complete, Cortex XDR displays the results in the Advanced Analysis field of the Additional data view for the data retrieval action on the Action Center. If the Advanced Analysis verdict is benign, you can avoid subsequent blocked files for users that encounter the same behavior by enabling Cortex XDR to automatically create and distribute exceptions based on the Advanced Analysis results.
  - Configure the desired options:
    - Enable Cortex XDR to automatically upload defined alert data files for advanced analysis. Advanced Analysis increases the Cortex XDR exploit protection module accuracy.
    - Automatically apply Advanced Analysis exceptions to your Global Exceptions list. This will apply all Advanced Analysis exceptions suggested by Cortex XDR, regardless of the alert data file source.
  - Save the Advanced Analysis configuration.