For details on cookie usage on our site, read our Privacy Policy
Broker VM for Cortex XDR
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
- Broker VM for Cortex XDR
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Broker VM for Cortex XDR
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-03-2022 12:38 AM
Hi,
As a part of Cortex XDR , I would like to know some benefits of Broker VM
I have gone through some of the docs and it looks like a Separate image that need to be installed. So,
1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has cortex xdr installed and should we do it separately for every endpoint?
2. Should we maintain it frequently for updates, maintenance so on or it does automatically?
3. What more benefits we can have apart from content updates using broker VM when installed on a endpoint?
4. Does it help in improving cortex XDR performance (ex: speed)?
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-03-2022 12:51 AM
*Note: This is an individual contributor answer*
1. Do we have to install it on every endpoint (Ex: 10,000 servers) that has
cortex xdr installed and should we do it separately for every endpoint?
- You don't need to install it on every endpoint but to configure it to be
used as a proxy or it depends on the agent configuration that you are
using.
- The configuration of brokerVM to be used as a content cache or agent
proxy will depend on your infrastructure like WFH employees that don't use
VPN can directly do the updates to Cortex XDR directly than using BVM.
2. Should we maintain it frequently for updates, maintenance so on or it
does automatically?
- The updates are defaultly set automatically.
3. What more benefits we can have apart from content updates using broker
VM when installed on a endpoint?
- Usage of bandwidth? Since you have your broker VM on your network, agents
won't need to consume Internet access directly outside since you have BVM
on your network.
4. Does it help in improving cortex XDR performance (ex: speed)?
- Speed of getting the content updates, I think yes. Since you don't have
to worry if an endpoint doesn't have Internet connection as long as the
endpoint can reach the BVM.
- with regards to the endpoint CPU performance, I don't think so.
Hope this helps.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-20-2022 11:59 PM
Hi Matthew,
Information regarding the broker vm and the proxy setting for xdr agents is available here. This will lower the traffic for content update and agent installs but everything will stay the same in terms of bandwidth consumption.
Let me know if you have any questions or concerns!
Thanks,
Silviu
- XDR Broker VM Security: Antivirus Scan/Software and Audit Log Reporting in Cortex XDR Discussions
- Endpoint tags on Cortex XDR in Cortex XDR Discussions
- Not able to see Asset in Cortex portal. in Cortex XDR Discussions
- CDL and Rapid7 InsightIDR, new API method? in Cortex XDR Discussions
- Cortex XDR service getting stoppage on machines in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
