Monitor and Collect Enhanced Endpoint Data in XDR

L2 Linker

When setting the Agent profile in Cortex XDR, under the check box for enabling "Monitor and Collect Enhanced Endpoint Data" is the following note:

Note: Before enabling enhanced endpoint data collection make sure your Strata Logging Service storage capacity and quota allocation can support it. Please refer to the Strata Logging Service quota configuration guidelines and storage calculator for more details.

 

Can anyone tell me how to do this for a Cortex XDR environment? I did not find that the documentation provided any clarity (although I probably missed something!).

 

Thanks

Danny

 

Accepted Solutions

L5 Sessionator

Hi @DannyMulheran ,

 

Thank you for writing to live community!

 

The information provided below refers to the use case for customers who have a Cortex XDR Pro Per GB license and Strata Logging Service as part of their native data lake licensing. In the old cases, customers would have an option to set up a quota of Cortex XDR agent logs and alert logs as a use case.

 

However, with the advent of new data retention and licensing changes, this does not apply for customers who are not on the native data lake licenses (new/existing customers who have purchased/renewed after December 2022). Example screenshot below:

[Screenshot: neelrohit_3-1716703083651.png]

However, if you go to the current configurations for Strata Logging Service, this field is not applicable anymore because the Cortex Endpoint storage and Endpoint alerts data storage, though one is still separate and is managed as per the default retention policy or your retention licenses procured.

 

Hope this helps! Please mark the response as "Accept as Solution" if this helps.

 

 

 


2 REPLIES

Many thanks for taking the time to respond and helping to clarify CDL / Strata Logging Service.
