Client groups in Cortex XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client groups in Cortex XDR

L0 Member

Hello,

 

We are an existing Palo customer and we are moving to Cortex XDR for our Antivirus solution. In our current AV application we have groups for different clients based on exceptions or application for various reasons. It is very easy to create install packages for clients and have the client automatically go into those groups. After finally figuring out how Cortex works, I do not see that same type of option. Is there a way to create an agent install package that will automatically place a client into a specific exception group, and now just have an install package based on the OS?

1 REPLY 1

L3 Networker

You can create groups based on Linux and Windows OS or whatever way you would like to create your group differentiater as. Under Endpoints > Endpoints Groups > Add Groups.

 

Once you have done this create a new agent profile where you enable auto upgrade based on your preference thereafter create a policy where you attach the newly created agent profile for upgrade and only attach the policy to specific endpoint groups.

 

Step: 1> Setup global Agent Auto Upgrade settings (Be careful of your internet link saturation.)

Step: 2> Setup Endpoint Groups as per requirement.

Step: 3> Create Agent Profile. Enable auto-upgrade in profile.

Step: 4> Apply profile to endpoint policy based on groups.

Step: 5> Test before production.

Kind Regards
KS
  • 2694 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!