This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Move Cortex XDR agent from one tenant to another (and back)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Move Cortex XDR agent from one tenant to another (and back)

tmeksik
L2 Linker

‎04-17-2024 04:23 PM

When we move an agent to a new management server, what would happen to the logs and telemetries we have on the old tenant? Would they be retained as per the usual policy or would they just get purged?

 

Also if we then move it back to the old tenant, would it appear like the logs/telemetries just have some gaps while the agent was away from the tenant or it would appear like a freshly installed one with no awareness of its "past life"??

 

Thanks in advance!

Tum

0 Likes Likes
3 REPLIES 3

aspatil
L5 Sessionator

‎04-18-2024 07:21 AM

Hello @tmeksik ,

 

Thanks for reaching out on LiveCommunity!

 

One you move the agent from one tenant to another the logs will be there until its retention period. Once you move back to old tenant the logs will be there with the gap in between the transfer.

 

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

 

Regards

Ashutosh Patil
0 Likes Likes

tmeksik
L2 Linker
In response to aspatil

‎04-18-2024 04:39 PM

Thanks @aspatil - Just to confirm it with 100% certainty, when the endpoint is moved back to the old tenant, it won't be treated as a brand new endpoint with the same host name? Correct?

 

Would want to confirm this specifically since the docs say "When you change the server that manages the agent, the agent transfers to the new managing server as a freshly installed agent". So I wonder if this would apply to when you move it back to the old tenant too? The old tenant may treat the one that just moved back as a freshly installed agent without associating it with its previous logs and everything.

0 Likes Likes

neelrohit
L5 Sessionator
In response to tmeksik

‎07-11-2024 04:31 AM

Hi Tum,

 

Any back management server change event is considered a fresh installation on the destination instance as the endpoint registers with the new endpoint ID. The agents do not have a memory which they carry between the tenants and hence any change between instances is considered a new registration.

 

As a practice recommendation, it is generally not advised to perform this activity more than twice as this can lead to database corruption for the agents.

 

Hope this helps.

 

Feel free to mark the response as "Accept as Solution" if it answers your query.

0 Likes Likes
  • 899 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks