11-08-2020 11:46 PM
After installing cortex XDR, I can see C:\ProgramData\Cyvera\Prevention folder is getting filled up fast in one of the servers. There are a lot of activities on this server and Traps is catching some malicious activities often. This will definitely create logs, but i have below queries if anybody can help.
is there any way to restrict the disk usage ?. Will the disk usage pile up if there is no cloud connectivity or wildfire access ?. Will it be deleted once the data is presented to Cortex?
Is it recommended to have disk restriction by agent settings profile ?.
I am having XDR 7.2 agent
Thanks in advance.
11-19-2020 07:20 PM
You can set the quota allowance within the agent profile. Once the quota is reached, it is first in - first out.
12-29-2021 11:46 PM
Same issue, I can see ~40GB is full with xdr logs. But, rather limiting quota; should be technical reason why there are filling so fast.
03-31-2022 03:22 AM
Im gonna recommend open a TAC case for this. Default quota is 5 Gigabyte (Max 10) and should not spend more than this. Should be investigated by TAC engineer.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!