Change default password for agents

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Change default password for agents

L2 Linker

Hello, 

 

1. Can we please know the recommended procedure to change the defalut password for agents.

2. Is it possible to change the password for particular endpoints? 

3. Will there be any operational issues or impacts if we perform this acitivity? 

 

4 REPLIES 4

L4 Transporter

Hi @Aiman_Fathima ,

thanx for contacting us in livecommunity.

in order to manage the passwords in different enpoints we have a feature on the agents which is the tokens. 

So you can have the admin password for all the endpoints that just your tenant admins can use and then you can have the rolling tokens (automatically changed by the tenant every 2 weeks) and the temporary tokens (that you can create and provide to your analysts with max expiration time of 21 days). This way you are limiting the time that somebody is not a tenant admin to have the permissions to perform elevated privileges activities. 

Please feel free to use the following doc as a reference: 
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Manage-...

 

I hope this helps,

Luis

L4 Transporter

Hi @Aiman_Fathima ,

 

Thank you for writing to live community!

 

1. When you change the password, you are provided instructions on the change on the right and also a password strength bar. Until the bar turns green, you cannot save the password and you need to hence build a strong one.

2. Yes. You can choose to set password for agents in the agents settings profile and all endpoints which are in the same policy with the profile attached should have the same password. Also, with the advent of agent 7.8.x, you do not need to share password and instead use tokens and tokens are unique.

3. It is the agent behaviour and people having a password currently will not be able to use the password to uninstall the agent or disable the agent service as or when needed once the password changes. (Though none else, except security admins should not do this activity). Change request can be recommended.

 

Hope this helps!

 

 

Hello @neelrohit,

 

Thank you for the response.

 

1. Can we know if the team can generate temporary tokens on local machine or it should be generated on the XDR console? 

2. In the temparay tokens procedure, The step "Go to the Action Center to view which agent received the temporary token" is mentioned. Can we know where will the token be recieved by the agent? 

Hi @Aiman_Fathima ,

 

Temporary tokens can be set and generated from XDR console. Right click on the endpoint> Endpoint Control> Set Temporary Token. Temporary Token can be set only for a maximum of 21 days. 

The token upon creation is logged as an action center item and is sent on the next heartbeat to the agent. This token can be then used for the number of days it has been created for.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!