Cortex XDR as part of the golden image

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR as part of the golden image

L3 Networker
  • How can we include Cortex XDR as part of the golden image? (for the agent installation on Windows)
    • Condition:- It shouldn't create any duplicate entries on the console.
  • Will there be a new entry on the console if the admin changes the system hostname?

    Also, If someone changes the name of the host does it create a new entry on the console for it and a new endpoint ID is assigned to it?

3 REPLIES 3

L4 Transporter

Hi @Shashanksinha,

Thank you for writing to live community. 

 

Hi



  1. Yes, Cortex XDR can be included as part of a golden image
  2. Adding Cortex XDR to the golden image could result in duplicate entries, namely the same endpoint IDs.  In such cases, using ‘cytool reconnect force’ should help fix the issue.
  3. Each agent have its own unique ID to communicate to XDR server, so simply changing hostname should not create an additional entry.

4. You can use the following basic XQL query to identify duplicate endpoints:

dataset = xdr_data 

| fields agent_id, agent_hostname

| filter agent_hostname != NULL

| dedup agent_id

 

 

Hope this helps!

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events: Cortex XDR Customer Corner

L0 Member

Hi.

My organization tried to implement Cortex XDR on our Golden image for our Citrix persistant VDi's. And we have face an issue during the deploy of the golden image throught Citrix Studio, during the boot of the cloned image used by our machines catalogs. 
What seems to happen is that the boot takes forever on this image and there is a timeout during Citrix Deployment.

On the initial Golden image the boot takes up to 3 minutos when Cortex XDR is installed (but boots) - if we remove Cortex XDR it takes a few seconds - , any clone from this will take forever to boot.

We have postponed the use of Cortex XDR since we are unable to deploy it under VDI's and cannot not found the reason for it.

L4 Transporter

Hi @hugosantos,

This sounds like performance issues. Due to this being a public forum, I highly suggest opening a support ticket in our support portal

so that this could be further investigated.


Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events: Cortex XDR Customer Corner

  • 2256 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!