Migrate to New Tenant

SeanDeHarris — Mon, 14 Aug 2023 02:59:04 GMT

Hi XDR Experts,

For reasons, we need to migrate all the agents from existing "tenant A" to a new "tenant B" before the old one expires.

Is there any automated/faster way to do so?

Or we need to do it manually with bunch of export and import, change to the new managing server in the old tenant.

For manual procedure that come up to my mind,

1) Activate new tenant

2) Under old tenant, Export profiles (malware, exploit, agent setting, device control configuration, Disk Encryption Profile ), policies, exception rules, host firewall rules, global exceptions

3) Under new tenant, Import the settings from step2.

4) Generate new agent installer (Agent Installation Id) in new tenant

5) Change managing server with Agent Installation Id (step 4) in the old tenant.

6) Confirm the agents appear in the new tenant.

Is there any missing?

Your comments are welcome.

Re: Migrate to New Tenant

neelrohit — Mon, 14 Aug 2023 05:16:18 GMT

Hi @SeanDeHarris ,

Thank you for writing to live community!

The migration of endpoints and configurations in Cortex XDR is a manual process and involves planning and manual efforts for the same.

Following is being assumed here:

You have no third party/ Pro Per TB license
You do not have Airgapped systems behind brokers
You do not have Kubernetes agents deployed in your environment
You have already whitelisted all the URLs related to the new tenant required for agent communication.

I am listing the steps down in chronological order for use case and adoption for the same.

Export profiles and policies and associated exceptions.
Add them and create them in new tenant.
Import any custom IOC/BIOC rules created and import them to the new tenant
Create dynamic endpoint groups as in the old tenant
Configure global settings as per recommended practice or replicate the same(recommended to use new practice as the new instance would be on v3.7)
Add hash allowlist/block list using hash exceptions
Create alert exclusions as per the used case or replicate as per the old tenant
Check any global exceptions or exceptions.
Incident Configuration Migrations(Exclusions, Scoring, Featured Fields)
Export/Import Uncommon Host Firewall Rule Groups
Create and append all scheduled queries and library queries
Validate and migrate test batches to see if the behaviour is same.
Migrate Agents using console or cytool commands as and when applicable.
Delete all the existing packages in the old tenant so that the offline existing packages become unusable for agent communication on erroneous installation.

All of this would require some coordination and efforts from your internal teams (IT, servers, infrastructure and network teams) and needs to be handled manually.

Hope this helps. Please mark the response as "Accept as Solution" if it answers your query.

topic Re: Migrate to New Tenant in Cortex XDR Discussions

Migrate to New Tenant

Re: Migrate to New Tenant