01-18-2023 01:09 AM
Hello,
1. Can we please know the recommended procedure to change the defalut password for agents.
2. Is it possible to change the password for particular endpoints?
3. Will there be any operational issues or impacts if we perform this acitivity?
01-18-2023 01:23 AM
Hi @Aiman_Fathima ,
thanx for contacting us in livecommunity.
in order to manage the passwords in different enpoints we have a feature on the agents which is the tokens.
So you can have the admin password for all the endpoints that just your tenant admins can use and then you can have the rolling tokens (automatically changed by the tenant every 2 weeks) and the temporary tokens (that you can create and provide to your analysts with max expiration time of 21 days). This way you are limiting the time that somebody is not a tenant admin to have the permissions to perform elevated privileges activities.
Please feel free to use the following doc as a reference:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Manage-...
I hope this helps,
Luis
01-18-2023 01:40 AM
Hi @Aiman_Fathima ,
Thank you for writing to live community!
1. When you change the password, you are provided instructions on the change on the right and also a password strength bar. Until the bar turns green, you cannot save the password and you need to hence build a strong one.
2. Yes. You can choose to set password for agents in the agents settings profile and all endpoints which are in the same policy with the profile attached should have the same password. Also, with the advent of agent 7.8.x, you do not need to share password and instead use tokens and tokens are unique.
3. It is the agent behaviour and people having a password currently will not be able to use the password to uninstall the agent or disable the agent service as or when needed once the password changes. (Though none else, except security admins should not do this activity). Change request can be recommended.
Hope this helps!
01-18-2023 02:28 AM
Hello @neelrohit,
Thank you for the response.
1. Can we know if the team can generate temporary tokens on local machine or it should be generated on the XDR console?
2. In the temparay tokens procedure, The step "Go to the Action Center to view which agent received the temporary token" is mentioned. Can we know where will the token be recieved by the agent?
01-18-2023 10:30 PM
Hi @Aiman_Fathima ,
Temporary tokens can be set and generated from XDR console. Right click on the endpoint> Endpoint Control> Set Temporary Token. Temporary Token can be set only for a maximum of 21 days.
The token upon creation is logged as an action center item and is sent on the next heartbeat to the agent. This token can be then used for the number of days it has been created for.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
