Retrieve Support Logs from an Endpoint

Log in to Cortex XDR.
Go to
Response
Action Center
+ New Action
.
Select
Retrieve Support File
and click
Next
.
Select the target endpoints (up to 10) from which you want to retrieve logs.
If needed,
Filter
the list of endpoints. For more information, refer to Filter Page Results.
Click
Next
.
Review the action summary and click
Done
when finished.
In the next heart beat, the agent will retrieve the request to package and send all logs to Cortex XDR.
To track the status of a support log retrieval action, return to the
Action Center
.
When the status is
Completed Successfully
, you can right-click the action and download the support logs. Cortex XDR retains retrieved files for up to 30 days.
If at any time you need to cancel the action, you can right-click it and select
Cancel for pending endpoint
. You can cancel the retrieval action only if the endpoint is still in
Pending
status and no files have been retrieved from it yet. The cancellation does not affect endpoints that are already in the process of retrieving files.
To view additional data and download the support logs, right-click the action and select
Additional data
.
You will see all endpoints from which files are being retrieved, including their
IP Address
,
Status
, and
Additional Data
.
When the action status is
Completed Successfully
, you can right-click the action and download the retrieved logs.
Cortex XDR retains retrieved files for up to 30 days.