After installing cortex XDR, I can see C:\ProgramData\Cyvera\Prevention folder is getting filled up fast in one of the servers. There are a lot of activities on this server and Traps is catching some malicious activities often. This will definitely create logs, but i have below queries if anybody can help.
is there any way to restrict the disk usage ?. Will the disk usage pile up if there is no cloud connectivity or wildfire access ?. Will it be deleted once the data is presented to Cortex?
Is it recommended to have disk restriction by agent settings profile ?.
I am having XDR 7.2 agent
Thanks in advance.
You can set the quota allowance within the agent profile. Once the quota is reached, it is first in - first out.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!