- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-12-2024 05:34 PM
When setting the Agent profile in Cortex XDR, Under the check box when enabling "Monitor and Collect Enhanced Endpoint Data" is the following note:
Note: Before enabling enhanced endpoint data collection make sure your Strata Logging Service storage capacity and quota allocation can support it. Please refer to the Strata Logging Service quota configuration guidelines and storage calculator for more details.
Can anyone tell me how to do this for a Cortex XDR enviroment. I did not find the documention provided any clarity (although I probably missed something!)
Thanks
Danny
05-25-2024 10:54 PM - edited 05-25-2024 10:58 PM
Hi @DannyMulheran ,
Thank you for writing to live community!
The information provided below refers to the use case for customers who have Cortex XDR Pro Per GB license and Strata Logging service as part of their native data lake licensing. In the old cases, customers would have an option to setup a quota of cortex xdr agent logs and alert logs as a use case.
However, with the advent of new data retention and licensing changes, this does not apply for customers who are not on the native data lake licenses(new/existing customers who have purchased/renewed after December, 2022). Example screenshot below:
However, if you go to the current configurations for Strata Logging Service, this field is not applicable anymore because the Cortex Endpoint storage and Endpoint alerts data storage, though one is still separate and is managed as per the default retention policy or your retention licenses procured.
Hope this helps! Please mark the response as "Accept as Solution" if this helps
05-25-2024 10:54 PM - edited 05-25-2024 10:58 PM
Hi @DannyMulheran ,
Thank you for writing to live community!
The information provided below refers to the use case for customers who have Cortex XDR Pro Per GB license and Strata Logging service as part of their native data lake licensing. In the old cases, customers would have an option to setup a quota of cortex xdr agent logs and alert logs as a use case.
However, with the advent of new data retention and licensing changes, this does not apply for customers who are not on the native data lake licenses(new/existing customers who have purchased/renewed after December, 2022). Example screenshot below:
However, if you go to the current configurations for Strata Logging Service, this field is not applicable anymore because the Cortex Endpoint storage and Endpoint alerts data storage, though one is still separate and is managed as per the default retention policy or your retention licenses procured.
Hope this helps! Please mark the response as "Accept as Solution" if this helps
06-02-2024 04:28 PM
Many thanks for taking the time to respond and helping to clarify CDL / Strata logging service.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!