Feature Request: The ability to automatically quarantine hosts where the Agents are not up to a specific version (Ideally N-1,2)

DanCartaginese — Wed, 21 Sep 2022 20:39:41 GMT

I believe that right now, the only way to do this would be from the action center and filter via Agent Version and manually quarantine each host that is on an EOL agent version that didnt get auto-upgraded.

I cant seem to find anything on this from a policy perspective side of things unless I'm looking in the wrong spot.

Any help is appreciated.

Re: Feature Request: The ability to automatically quarantine hosts where the Agents are not up to a specific version (Ideally N-1,2)

bbarmanroy — Thu, 22 Sep 2022 07:11:00 GMT

Hi @DanCartaginese there's no way to manually do that within the console as of date.

What you can do using automation is:

A) have the Endpoints API retrieve the agent version for all endpoints and then isolate those specific endpoints with the Isolate API. You'd have to wrap it with a timer to run periodically.

B) have a policy that identifies endpoints that need to be upgraded (say anything <v7.7) and upgrade them to the latest version. This is my preferred recommendation as this ensures that the endpoints are always picked up and upgraded in case they fall through the cracks. Furthermore, use that information in a report that gets emailed on a weekly basis for any endpoints that are EOL to investigate and manually intervene, if necessary.

topic Feature Request: The ability to automatically quarantine hosts where the Agents are not up to a specific version (Ideally N-1,2) in Cortex XDR Discussions

Feature Request: The ability to automatically quarantine hosts where the Agents are not up to a specific version (Ideally N-1,2)

Re: Feature Request: The ability to automatically quarantine hosts where the Agents are not up to a specific version (Ideally N-1,2)