This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Broker VM for Cortex XDR

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Broker VM for Cortex XDR

Kavurisowmya
L1 Bithead

‎06-03-2022 12:38 AM

Hi,

As a part of Cortex XDR , I would like to know some benefits of Broker VM

 I have gone through some of the docs and it looks like a Separate image that need to be installed. So,

1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has cortex xdr installed and should we do it separately for every endpoint?

2. Should we maintain it frequently for updates, maintenance so on or it does automatically?

3. What more benefits we can have apart from content updates using broker VM when installed on a endpoint?

4. Does it help in improving cortex XDR performance (ex: speed)?

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
0 Likes Likes
5 REPLIES 5

MarvinC
L2 Linker

‎06-03-2022 12:51 AM

Hi Kavurisowmya,

*Note: This is an individual contributor answer*

1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has
cortex xdr installed and should we do it separately for every endpoint?

- You don't need to install it on every endpoint but to configure it to be
used as a proxy or it depends on the agent configuration that you are
using.

- The configuration of brokerVM to be used as a content cache or agent
proxy will depend on your infrastructure like WFH employees that don't use
VPN can directly do the updates to Cortex XDR directly than using BVM.

2. Should we maintain it frequently for updates, maintenance so on or it
does automatically?

- The updates are defaultly set automatically.

3. What more benefits we can have apart from content updates using broker
VM when installed on a endpoint?

- Usage of bandwidth? Since you have your broker VM on your network, agents
won't need to consume Internet access directly outside since you have BVM
on your network.

4. Does it help in improving cortex XDR performance (ex: speed)?

- Speed of getting the content updates, I think yes. Since you don't have
to worry if an endpoint doesn't have Internet connection as long as the
endpoint can reach the BVM.

- with regards to the endpoint CPU performance, I don't think so.

Hope this helps.
Let's have a seat and talk for a while.

SilviuMihailDascalu
L3 Networker
In response to MarvinC

‎06-20-2022 11:59 PM

Hi Matthew,

 

Information regarding the broker vm and the proxy setting for xdr agents is available here.  This will lower the traffic for content update and agent installs but everything will stay the same in terms of bandwidth consumption.

 

Let me know if you have any questions or concerns!

 

Thanks,

Silviu

Silviu-Mihail Dascalu

johnsonsellen
L0 Member

‎03-19-2023 03:13 AM

The Broker VM for Cortex XDR is a virtual machine that serves as the central communication hub for all Cortex XDR agents deployed in your organization. It enables agents to communicate with the Cortex XDR cloud service and allows you to manage and monitor the agents' activities from a centralized location.

To deploy the Broker VM for Cortex XDR, you need to meet the following requirements:

  1. Virtualization platform: The Broker VM can be deployed on VMware ESXi or Microsoft Hyper-V virtualization platforms.
  2. System requirements: The Broker VM requires a minimum of 4 CPU cores, 8 GB of RAM, and 100 GB of disk space.
  3. Networking: The Broker VM must be connected to a network with internet access, and all Cortex XDR agents must be able to connect to the Broker VM over the network.

Once you have met the above requirements, DGme Login you can deploy the Broker VM by following these steps:

  1. Download the Broker VM image from the Cortex XDR cloud service.
  2. Deploy the Broker VM on your virtualization platform.
  3. Configure the Broker VM with the appropriate network settings, such as IP address, DNS, and gateway.
  4. Activate the Broker VM by entering the activation key provided by the Cortex XDR cloud service.
  5. Once the Broker VM is activated, you can start deploying Cortex XDR agents to your endpoints.
  6. The Cortex XDR agents will automatically connect to the Broker VM and start communicating with the Cortex XDR cloud service.

That's a brief overview of the Broker VM for Cortex XDR and how to deploy it. I hope this helps!

 

0 Likes Likes

Jenne21
L0 Member

‎04-30-2023 10:33 AM

The Broker VM for Cortex XDR is a type of virtual machine that acts as the organization's primary communication hub for all of the Cortex XDR agents that have been deployed throughout the company. It makes it possible for agents to communicate with the Cortex XDR cloud service and gives you the ability to manage and monitor the activities of agents from a single location.

In order to deploy the Broker VM for Cortex XDR, you need to ensure that you meet the requirements listed below:

Platform for virtualization: The Broker VM can be installed on either the VMware ESXi or Microsoft Hyper-V virtualization platforms.
The Broker virtual machine requires a minimum of 4 CPU cores, 8 GB of RAM, and 100 GB of disc space. These are the minimum system requirements.
Networking: The Broker VM has to be linked to a network that provides access to the internet, and all Cortex XDR agents have to be able to connect to the Broker VM through the network.
After you have ensured that all of the prerequisites have been satisfied, you will be able to deploy the Broker VM by following the steps below:

Get the Broker VM image from the Cortex XDR cloud service and save it to your computer.
Install the Broker virtual machine on your platform for virtualization. 
It is necessary to configure the Broker VM with the correct network settings, KDealer including the IP address, DNS server, and gateway.
Enter the activation key that was provided by the cloud service for the Cortex XDR platform in order to activate the Broker VM.
After activating the Broker VM, you will be able to begin deploying Cortex XDR agents to your endpoints as soon as possible.
Automatically connecting to the Broker VM and initiating communication with the Cortex XDR cloud service will be performed by the Cortex XDR agents. Mykohlscard
That concludes this condensed introduction to the Broker VM for Cortex XDR and how to implement it. I really hope this helps!

0 Likes Likes

PoojalaSreenadh
L2 Linker

‎01-11-2024 07:35 PM

Hi Team,

 

As you provided valuable information, please add on my questions and provide the answers that more helpful for me.

 

1. after activating the Broker VM we want to connect the firewall logs should be passing through the Broker VM. what are the steps need to follow?

 

2. After activation the Broker VM can we able to deploy the agent in our firewall? so it will collect logs and passing through Broker VM to Data lake?

 

3. For setting up the Broker VM what are steps need to take in firewall for forwarding the logs?

0 Likes Likes
  • 5894 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks