Hi @VineethArumulla,
Since this is a public forum for discussion, it would be difficult to answer and investigate. Request you to kindly open a support case with our technical team with support files for investigation and fix (if any).
Not sure where you checked the logs; however, if it was in the agent audit logs, it is also possible that Cortex XDR sends this audit log when endpoints are powered off. When the endpoint is shut down, the agent service stops, and hence XDR sends this in the form of an agent audit log. However, if you see this happening for the endpoints and then you don't get a start service from the same endpoint for some defined number of days, that can be an anomaly in your environment, and you should also investigate at the endpoint level to see if there is some issue.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
I noticed a similar trend with systems in our environment. When looking at the logs of a specific endpoint and comparing the activity of others, the cyserver service gets stopped when Cortex XDR performs a policy update. These two events are usually within 1 minute of each other. If you did open a ticket, I'm sure others here would like to know what the official resolution was to the question.
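The triage both replies describe (a stop followed by a start is expected, a stop within a minute of a policy update is expected, a stop with no start for several days deserves a look), as an added example that is not part of either reply or of Cortex XDR. The event labels, host names and the 3-day threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, endpoint, event). The event labels are
# hypothetical placeholders, not Cortex XDR audit-log field values.
EVENTS = [
    ("2024-05-01T09:00:10", "ws-01", "policy_update"),
    ("2024-05-01T09:00:40", "ws-01", "service_stop"),
    ("2024-05-01T09:01:05", "ws-01", "service_start"),
    ("2024-05-01T18:30:00", "ws-02", "service_stop"),
    ("2024-05-02T08:15:00", "ws-02", "service_start"),
    ("2024-05-01T11:00:00", "ws-03", "service_stop"),
    ("2024-05-09T23:00:00", "ws-04", "service_stop"),
]

def triage_stops(events, now, max_gap=timedelta(days=3),
                 policy_window=timedelta(minutes=1)):
    """Classify each service_stop per endpoint.

    investigate   - no service_start followed within max_gap (assumed 3 days)
    pending       - no start yet, but max_gap has not elapsed
    policy_update - restarted, and a policy update fell within policy_window
    restarted     - restarted with no policy update nearby (e.g. shutdown)
    """
    parsed = sorted((datetime.fromisoformat(ts), host, ev)
                    for ts, host, ev in events)
    results = {}
    for ts, host, ev in parsed:
        if ev != "service_stop":
            continue
        # Start events on the same endpoint after this stop, earliest first.
        starts = [t for t, h, e in parsed
                  if h == host and e == "service_start" and t > ts]
        near_policy = any(h == host and e == "policy_update"
                          and abs(t - ts) <= policy_window
                          for t, h, e in parsed)
        if not starts or starts[0] - ts > max_gap:
            verdict = "investigate" if now - ts > max_gap else "pending"
        else:
            verdict = "policy_update" if near_policy else "restarted"
        results[(host, ts.isoformat())] = verdict
    return results

if __name__ == "__main__":
    for key, verdict in triage_stops(EVENTS, datetime(2024, 5, 10)).items():
        print(key, verdict)
```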