- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-15-2023 07:15 AM
Hello,
I would like to know if a script to that invokes live terminal or other functions related to Cortex XDR can be done using agent script library.
03-20-2023 08:23 AM - edited 03-20-2023 01:23 PM
Hi @NivedaR,
The automation feature in 3.6 and Live Terminal are 2 separate features. Live Terminal is an action that can only be done in the Cortex XDR Tenant. There is no need for a script to run Live Terminal. Here are 2 ways you can access Live Terminal.
1. Incident Response -> Live Terminal
2. Endpoints -> All Endpoints -> right click on the desired endpoint -> Security Operations -> Initiate Live Terminal
I hope this informations helps answer your question. Please let me know if you need anything else.
03-15-2023 02:38 PM
Hi @NivedaR ,
Thanks for reaching out on LIVEcommunity.
If I understand your question correctly you're asking if there's a script that can be run on and endpoint to invoke live terminal in the Cortex XDR Tenant. As it stands right now there is no script available to accomplish this task. Live terminal is instantiated from the Cortex XDR Tenant only. It can't be instantiated locally on an endpoint.
If I didn't get your question right please clarify and include the use case. I'll be happy to help.
Have a great day!
03-20-2023 03:09 AM
Hello ,
Thanks for the answer. I am wondering currently there is an automate feature in XDR that came with the cortex 3.6 . On it there is an option to run script on a specific alert . I was wondering if we could use that automation to open live terminal on the endpoint if a specific alert arises.
03-20-2023 08:23 AM - edited 03-20-2023 01:23 PM
Hi @NivedaR,
The automation feature in 3.6 and Live Terminal are 2 separate features. Live Terminal is an action that can only be done in the Cortex XDR Tenant. There is no need for a script to run Live Terminal. Here are 2 ways you can access Live Terminal.
1. Incident Response -> Live Terminal
2. Endpoints -> All Endpoints -> right click on the desired endpoint -> Security Operations -> Initiate Live Terminal
I hope this informations helps answer your question. Please let me know if you need anything else.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!