Agent script Library

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Agent script Library

L2 Linker

Hello, 

 

I would like to know if a script to that invokes live terminal or other functions related to Cortex XDR can be done using agent script library.

1 accepted solution

Accepted Solutions

L4 Transporter

Hi @NivedaR,

 

The automation feature in 3.6 and Live Terminal are 2 separate features.  Live Terminal is an action that can only be done in the Cortex XDR Tenant.  There is no need for a script to run Live Terminal.  Here are 2 ways you can access Live Terminal.  

 

1. Incident Response -> Live Terminal

Screen Shot 2023-03-20 at 10.17.17 AM.png

 

2. Endpoints -> All Endpoints -> right click on the desired endpoint -> Security Operations -> Initiate Live Terminal

Screen Shot 2023-03-20 at 10.16.12 AM.png

 

I hope this informations helps answer your question.  Please let me know if you need anything else.

View solution in original post

4 REPLIES 4

L4 Transporter

Hi @NivedaR ,

 

Thanks for reaching out on LIVEcommunity.  

 

If I understand your question correctly you're asking if there's a script that can be run on and endpoint to invoke live terminal in the Cortex XDR Tenant.  As it stands right now there is no script available to accomplish this task.  Live terminal is instantiated from the Cortex XDR Tenant only.  It can't be instantiated locally on an endpoint.

 

If I didn't get your question right please clarify and include the use case.  I'll be happy to help.

 

Have a great day!

L2 Linker

Hello ,

 

Thanks for the answer. I am wondering currently there is an automate feature in XDR that came with the cortex 3.6 . On it there is an option to run script on a specific alert . I was wondering if we could use that automation to open live terminal on the endpoint if a specific alert arises.

L4 Transporter

Hi @NivedaR,

 

The automation feature in 3.6 and Live Terminal are 2 separate features.  Live Terminal is an action that can only be done in the Cortex XDR Tenant.  There is no need for a script to run Live Terminal.  Here are 2 ways you can access Live Terminal.  

 

1. Incident Response -> Live Terminal

Screen Shot 2023-03-20 at 10.17.17 AM.png

 

2. Endpoints -> All Endpoints -> right click on the desired endpoint -> Security Operations -> Initiate Live Terminal

Screen Shot 2023-03-20 at 10.16.12 AM.png

 

I hope this informations helps answer your question.  Please let me know if you need anything else.

Hello,

 

Thank you.

  • 1 accepted solution
  • 1681 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!