Cortex XDR Auto update mechanism

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR Auto update mechanism

L2 Linker

Does anyone know the Cortex XDR Auto update mechanism?
I recently found that some agents failed to update automatically. The failed content included content update and agent update. The console log did not give the reason for the failure. What are the reasons for the update failure? How often will the content update be triggered again after a failure?

6 REPLIES 6

L2 Linker

Hello Grady, 

 

Did you somehow check which versions are having trouble upgrading?


For version 7.7, they have already released Cortex XDR Health to check start up and upgrade failures (and roll back)

 

We are too having issues somehow with upgrade. You can check for trapsd logs hints such as storage issues.

 

But I highly advise for you to contact support and get a support file of the affected endpoints for them to check the root cause.

Let's have a seat and talk for a while.

L2 Linker

Hello Grady, 

 

Did you somehow check which versions are having trouble upgrading?


For version 7.7, they have already released Cortex XDR Health to check start up and upgrade failures (and roll back)

 

We are too having issues somehow with upgrade. You can check for TR@PSD logs hints such as storage issues.

 

But I highly advise for you to contact support and get a support file of the affected endpoints for them to check the root cause.

Let's have a seat and talk for a while.

Hi Marvin

 

I found that content update failed by looking at the audit log of the endpoint on the cloud console.
I just want to know the mechanism

Hello Grady, 

 

Can you somehow drop the error you are seeing?


Is the agent still reflecting in the console?

Do you have proxies configured like BrokerVM?

Let's have a seat and talk for a while.

Hi Marvin

 

At present, I haven't logged into the endpoint to see the trapd.log, because this endpoint is not within my scope, I can only see the failure in the endpoint log from the console, and it still fails when I try to force check-in. The endpoint is connected to the Broker VM

 

L3 Networker

Hi Grady,

 

Would you please open a support ticket with our Customer Support team to review and fix the problem?

 

Thanks,

Silviu

Silviu-Mihail Dascalu
  • 2566 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!