Broker VM for Cortex XDR


L1 Bithead

Hi,

As a part of Cortex XDR, I would like to know some benefits of Broker VM.

I have gone through some of the docs and it looks like a separate image that needs to be installed. So,

1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has Cortex XDR installed and should we do it separately for every endpoint?

2. Should we maintain it frequently for updates, maintenance and so on, or does it do so automatically?

3. What more benefits can we have apart from content updates using Broker VM when installed on an endpoint?

4. Does it help in improving Cortex XDR performance (ex: speed)?

5 REPLIES

L2 Linker
Hi Kavurisowmya,

*Note: This is an individual contributor answer*

1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has Cortex XDR installed and should we do it separately for every endpoint?

- You don't need to install it on every endpoint, but you do need to configure it to be used as a proxy, or it depends on the agent configuration that you are using.

- The configuration of Broker VM to be used as a content cache or agent proxy will depend on your infrastructure; for example, WFH employees who don't use VPN can do the updates to Cortex XDR directly rather than using BVM.

2. Should we maintain it frequently for updates, maintenance and so on, or does it do so automatically?

- The updates are set to automatic by default.

3. What more benefits can we have apart from content updates using Broker VM when installed on an endpoint?

- Usage of bandwidth? Since you have your Broker VM on your network, agents won't need to consume Internet access directly outside since you have BVM on your network.

4. Does it help in improving Cortex XDR performance (ex: speed)?

- Speed of getting the content updates, I think yes, since you don't have to worry if an endpoint doesn't have an Internet connection as long as the endpoint can reach the BVM.

- With regards to the endpoint CPU performance, I don't think so.

Hope this helps.
Let's have a seat and talk for a while.

Hi Matthew,

Information regarding the Broker VM and the proxy setting for XDR agents is available here. This will lower the traffic for content updates and agent installs, but everything will stay the same in terms of bandwidth consumption.

Let me know if you have any questions or concerns!

 

Thanks,

Silviu

Silviu-Mihail Dascalu

L0 Member

The Broker VM for Cortex XDR is a virtual machine that serves as the central communication hub for all Cortex XDR agents deployed in your organization. It enables agents to communicate with the Cortex XDR cloud service and allows you to manage and monitor the agents' activities from a centralized location.

To deploy the Broker VM for Cortex XDR, you need to meet the following requirements:

  1. Virtualization platform: The Broker VM can be deployed on VMware ESXi or Microsoft Hyper-V virtualization platforms.
  2. System requirements: The Broker VM requires a minimum of 4 CPU cores, 8 GB of RAM, and 100 GB of disk space.
  3. Networking: The Broker VM must be connected to a network with internet access, and all Cortex XDR agents must be able to connect to the Broker VM over the network.

Once you have met the above requirements, you can deploy the Broker VM by following these steps:

  1. Download the Broker VM image from the Cortex XDR cloud service.
  2. Deploy the Broker VM on your virtualization platform.
  3. Configure the Broker VM with the appropriate network settings, such as IP address, DNS, and gateway.
  4. Activate the Broker VM by entering the activation key provided by the Cortex XDR cloud service.
  5. Once the Broker VM is activated, you can start deploying Cortex XDR agents to your endpoints.
  6. The Cortex XDR agents will automatically connect to the Broker VM and start communicating with the Cortex XDR cloud service.

That's a brief overview of the Broker VM for Cortex XDR and how to deploy it. I hope this helps!

 

L0 Member

The Broker VM for Cortex XDR is a type of virtual machine that acts as the organization's primary communication hub for all of the Cortex XDR agents that have been deployed throughout the company. It makes it possible for agents to communicate with the Cortex XDR cloud service and gives you the ability to manage and monitor the activities of agents from a single location.

In order to deploy the Broker VM for Cortex XDR, you need to ensure that you meet the requirements listed below:

  1. Platform for virtualization: The Broker VM can be installed on either the VMware ESXi or Microsoft Hyper-V virtualization platforms.
  2. The Broker virtual machine requires a minimum of 4 CPU cores, 8 GB of RAM, and 100 GB of disc space. These are the minimum system requirements.
  3. Networking: The Broker VM has to be linked to a network that provides access to the internet, and all Cortex XDR agents have to be able to connect to the Broker VM through the network.

After you have ensured that all of the prerequisites have been satisfied, you will be able to deploy the Broker VM by following the steps below:

  1. Get the Broker VM image from the Cortex XDR cloud service and save it to your computer.
  2. Install the Broker virtual machine on your platform for virtualization.
  3. It is necessary to configure the Broker VM with the correct network settings, including the IP address, DNS server, and gateway.
  4. Enter the activation key that was provided by the cloud service for the Cortex XDR platform in order to activate the Broker VM.
  5. After activating the Broker VM, you will be able to begin deploying Cortex XDR agents to your endpoints as soon as possible.
  6. Automatically connecting to the Broker VM and initiating communication with the Cortex XDR cloud service will be performed by the Cortex XDR agents.

That concludes this condensed introduction to the Broker VM for Cortex XDR and how to implement it. I really hope this helps!

L2 Linker

Hi Team,

As you provided valuable information, please add to my questions and provide answers that are more helpful for me.

1. After activating the Broker VM, we want to connect the firewall so that its logs pass through the Broker VM. What are the steps we need to follow?

2. After activating the Broker VM, are we able to deploy the agent on our firewall, so that it will collect logs and pass them through the Broker VM to the Data Lake?

3. For setting up the Broker VM, what steps need to be taken on the firewall for forwarding the logs?
