12-13-2023 10:41 PM
Hi Team,
Could you please provide us with the XQL query to retrieve the reasons behind the "Agent Disconnected" and "Connection Lost" statuses from Cortex XDR? I have attempted to create a query, but I haven't obtained any results. Please assist me with this.
12-14-2023 04:10 AM
Hello @Vinothkumar_SBA ,
Thank you for writing to live community.
May I know exactly which column or field you are looking for to find out the reason? Is it available in the All Endpoints table?
Basically we need to check the Agent logs to find out the connection lost and Agent Disconnected status.
Regards.
12-14-2023 04:24 AM
Hi Aspatil,
Thank you for your response. We are interested in an XQL query to identify the reason why an agent disconnected and the reasons for connection loss. Specifically, we are interested in columns related to the reasons for agent disconnection and connection loss.
12-14-2023 06:05 AM
Thank for providing the information. Unfortunately, the reasons are not generic and may require the extensive troubleshooting by analyzing the various logs to identify the RCA. Hence such information cannot be retrieved from XQL.
Will check again and update you if I find any information.
Thanks.
12-14-2023 08:26 PM
Thanks for your information.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
