I proceeded to install cortex XDR on a Kali, respecting the installation parameter chmod + x Kali.sh - --proxy-list "proxysrv: 8080,10.250.1.34: 8080" However, the client cannot contact the broker the error it is a timeout. my query is the following, is the proxy broker compatible with the linux agent? What more tests should I carry out to know if the broker works or not ... since with the preventive license that I have from the console the information is null and I do not know if the agents connect to the broker or not.
Im not sure without research of a kali flavor limitation.. I do not see it on the compatibility matrix but that doesn't mean it wont run. That usually means not supported. You found another issue though maybe!
Run the installation package on each endpoint according to the endpoint OS. During installation you must configure the IP address of the broker VM and a port number. You can use the default 8888 port or set a custom port. See the Cortex XDR Agent Administrator’s Guide < Link for installation instructions.
When you page down to Linux Configure proxy communication in the second link the example shows:
If defined, the agent uses the proxy settings defined in the system environment in /etc/environment. blah blah blah... For example: https_proxy="https://10.196.20.244:8080"
I noted the use of 8080 in your statement. You are probably not using 8080 for the broker VM. Try 8888. Mostly seek consistency of the two (broker and client) ports in your environment with whatever ports you used.
I can see a potential problem in messaging across the documentation as they are usually created in separate efforts. Examples should define default variable throughout but tech writing doesn't require tech comprehension. If it proves to be true just ask Palo Alto to modify the Cortex Docs for consistency in messaging in those locations at the links above. Documentation is a tough job. I'm sure it will be well received suggestion and they will fix.
The problem may be the Linux machine itself. Kali is ran on a CentOS workstation. The Cortex XDR Linux agent is only supported on Linux servers. What OS flavor are you using?
Second question, what types of machines will be leveraging the broker?
Dear thank you very much for your answer, but by default I used port 8888 in the broker, but from the support of palo alto they made me change it to 8080 since I am in an environment under proxy ... The reason for such change, I do not know in absolute.
However, the Broker is configured to listen on port 8080 from the cloud console, and the terminals have the proxy configured for port 8080
....I did not test the proxy configuration of the operating system I will try that part in advance thank you very much
Dear kali, it is a debian based distro, I use it simply not to work directly with productive servers and not have any unknown problems. I observe that the EDR has the services active in the kali, and I have no errors in the logs, I only observe the timeout against the broker. However, if you assure me that Cortex does not work with Kali, I will have to perform tests on productive Debian systems and verify that everything works correctly.
Going to the second question, the intention is to use the broker in environments that do not have direct access to the internet. I appreciate your help in advance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!