Configure Global Agent Settings
The different Cortex® XDR™ agents that operate on your endpoints require configuration of different global settings.
On top of customizable Agent Settings Profiles for each Operating System and different endpoint targets, you can set global Agent Configurations that apply to all the endpoints in your network.
- From the Cortex XDR management console, select.Settings ( )ConfigurationsGeneralAgent Configuration
- Set global uninstall password.The uninstall password is required to remove a Cortex XDR agent and to grant access to agent security component on the endpoint. You can use the default uninstallPassword1defined in Cortex XDR or set a new one andSave. This global uninstall password applies to all the endpoints (excluding mobile) in your network.If you change the password later on, the new default password applies to all new and existing profiles to which it applied before.If you want to use a different password to uninstall specific agents, you can override the default global uninstall password by setting a different password for those agents in the Agent Settings profile.
- Configure content bandwidth allocated for all endpoints.To control the amount of bandwidth allocated in your network to Cortex XDR content updates, assign aContent bandwidth managementvalue between 20-10,000 Mbps.To help you with this calculation, Cortex XDR recommends the optimal value of Mbps based on the number of active agents in your network, and including overhead considerations for large content updates.Cortex XDR will verify that agents attempting to download the content update are within the allocated bandwidth before beginning the distribution. If the bandwidth has reached its cap, the download will be refused and the agents will attempt again at a later time. After you set the bandwidth,Savethe configuration.
- Configure the Cortex XDR agent auto upgrade scheduler and number of parallel upgrades.If Agent Auto Upgrades are enabled for your Cortex XDR agents, you can control the automatic upgrade process in your network:
- Amount of agents per batch—Set the number of parallel agent upgrades, while the maximum is 500 agents.
- Days in week—You can schedule the upgrade task for specific days of the week and a specific time range. The minimum range is four hours.
- Configure automated Advanced Analysis of XDR Agent alerts raised by exploit protection modules.Advanced Analysis is an additional verification method you can use to validate the verdict issued by the Cortex XDR agent. In addition, Advanced Analysis also helps Palo Alto Networks researchers tune exploit protection modules for accuracy.To initiate additional analysis you must retrieve data about the alert from the endpoint. You can do this manually on an alert-by-alert basis or you can enable Cortex XDR to automatically retrieve the files.After Cortex XDR receives the data, it automatically analyzes the memory contents and renders a verdict. When the analysis is complete, Cortex XDR displays the results in theAdvanced Analysisfield of the Additional data view for the data retrieval action on theAction Center. If the Advanced Analysis verdict is benign, you can avoid subsequent blocked files for users that encounter the same behavior by enabling Cortex XDR to automatically create and distribute exceptions based on the Advanced Analysis results.
- Configure the desired options:
- Enable Cortex XDR to automatically upload defined alert data files for advanced analysis. Advanced Analysis increases the Cortex XDR exploit protection module accuracy
- Automatically apply Advanced Analysis exceptions to your Global Exceptions list. This will apply all Advanced Analysis exceptions suggested by Cortex XDR, regardless of the alert data file source
- Savethe Advanced Analysis configuration.
- Configure the Cortex XDR Agent license revocation and deletion period.This configuration applies to standard endpoints only and does not impact the license status of agents for VDIs or Temporary Sessions.
- Configure the desired options:
- Connection Lost (Days)—Configure the number of days after which the license should be returned when an agent loses the connection to Cortex XDR. Default is 30 days; Range is 2 to 60 days.
- Agent Deletion (Days)—Configure the number of days after which the agent and related data is removed from the Cortex XDR management console and database. Default is 180 days; Range is 3 to 360 days and must exceed theConnection Lostvalue.
- Savethe Agent Status configuration.
Recommended For You
Recommended videos not found.