08-15-2022 08:08 AM
Hello,
Is there a way to create a connector between cortex console and AWS portal that can fetch EC2 information as soon as the agent comes online and then populate the data received by this connector into the XDR.
Thanks !
08-15-2022 06:42 PM
Hi @NivedaR it is not clear from your question what you're referring to - whether it is about XDR agents running on EC2 instances in AWS within a private subnet, or metadata about EC2 instances.
If it is the former, I believe you have AWS instances that have no route to internet (private subnet).
In this case, you can leverage a NAT instance or a Broker VM (link here). I'd recommend using the Broker VM as it provides additional functionalities that a NAT instance cannot (caching, proxying etc.). Keep in mind that you need to configure the agents to leverage the proxy. You can do it in one of the following ways:
1. during installation - use the proxy_list parameter (link here)
2. post-installation - use cytool proxy set <IP:port> (link here) or set a system-wide proxy
If it is the latter, here you go: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/external-data-ingestion/ing...
08-15-2022 06:42 PM
Hi @NivedaR it is not clear from your question what you're referring to - whether it is about XDR agents running on EC2 instances in AWS within a private subnet, or metadata about EC2 instances.
If it is the former, I believe you have AWS instances that have no route to internet (private subnet).
In this case, you can leverage a NAT instance or a Broker VM (link here). I'd recommend using the Broker VM as it provides additional functionalities that a NAT instance cannot (caching, proxying etc.). Keep in mind that you need to configure the agents to leverage the proxy. You can do it in one of the following ways:
1. during installation - use the proxy_list parameter (link here)
2. post-installation - use cytool proxy set <IP:port> (link here) or set a system-wide proxy
If it is the latter, here you go: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/external-data-ingestion/ing...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
