This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex Doubt Operations

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex Doubt Operations

Alpalo
L4 Transporter

‎01-27-2022 11:15 PM

Hello everyone;

Cortex:
The console reports 481 agents of which it gives with lost connection 110, in the licensing section it indicates 371 agents installed of the 500 licensed, so it seems that it does not take into account those of lost connection, I wanted to confirm this extreme since, according to the panel, we could be close to rushing the license.

We use DHCP in the workstations, it is frequent to change the name and even the address of the computers, due to fleet renewal, staff rotation or change of vlan, and with the on-site access frequently interrupted by the pandemic, there may be computers -few- that are not turned on for months.

How does Cortex understand that an agent is unique? Is it univocally identified in the computer that is installed regardless of its name or IP address? If the computer with a complete image is replatformed, does it still count the old agent, which will no longer respond, in addition to the new one? In the list of agents, there are computers with both name and IP address repeated, even some with both, how could we avoid these duplicates?

Thanks in advance.
Best regards.

0 Likes Likes
1 REPLY 1

etugriceri
L3 Networker

‎01-28-2022 01:53 AM

There are two important facts about licensing. Even your agents are not active, Cortex XDR is keeping Agent data's and after 180 days, Data's will be deleted and count 481 will be decreased. But Licensing is calculating totally different. After 30 days connections lost status, agent license will be returned to pool. 

 

Connection Lost (Days)
—Configure the number of days after which the license should be returned when an agent loses the connection to Cortex XDR. Default is 30 days; Range is 2 to 60 days.
Agent Deletion (Days)
—Configure the number of days after which the agent and related data is removed from the Cortex XDR management console and database. Default is 180 days; Range is 3 to 360 days and must exceed the Connection Lost value.

 

Hostname and ip address are not impacting to calculating Uniq machine ID. But mac address changes does. Even a host changes ip and hostname, will not consume another license. You can re-image host, as long as you keep same hardware, same license will be applied to host. 
For the duplicates, You can delete manually from management console or API. otherwise cortex xdr will delete agents after 180 days. 

(1)
  • 1602 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks