02-06-2023 02:53 AM
Not able to see Asset in Cortex portal. Cortex XDR agent is installed on Asset.
Asset is an Ubuntu 28.04 VM on GCP, having access to the internet.
root@dev-vcs-martin1:/var/log/traps# dpkg -l | grep cortex-agent
ii cortex-agent 7.9.0.82606 amd64 Palo Alto Networks Cortex XDR(tm) endpoint security agent
root@dev-vcs-martin1:/var/log/traps# /opt/traps/bin/cytool runtime start all
Name PID User Status Command
pmd 8292 root Running /opt/traps/bin/pmd
analyzerd N/A N/A STOPPED N/A
dypd N/A N/A STOPPED N/A
lted N/A N/A STOPPED N/A
root@dev-vcs-martin1:/var/log/traps# /opt/traps/bin/cytool enum
-----------------------------------
Cortex XDR list of protected processes:
-----------------------------------
PID CMD UID
root@dev-vcs-martin1:/var/log/traps#
02-07-2023 01:51 AM
Hi @vikas-ven ,
Thank you for writing to live community!
Since this is a public forum, we recommend you not to expose internal data and metrics which would be specific to your environment and we appreciate your anonymity assistance.
As per your query, as you can see that all the cortex xdr processes except pmd are stopped on the endpoint, the agent service is not running and hence cannot communicate to the cloud server.
Since you are using agent 7.9, you can also try looking for connectivity test by performing cytool commands as cytool connectivity_test. This should give you insights whether the service is running or not.
Additionally, you can retrieve TSF from the endpoint and open a case with our support team for detailed investigation as needed.
Please mark this response as "Accept as Solution" if it helps to answer your query.
Regards
05-03-2024 09:23 AM
In my case, I still see those services disabled, but at least now I see the agent reporting to Cortex Dashboard.
What I did differently was uninstall the Cortex XDR Agent, then I copied the config file cortex.conf to this directory that I had to create, /etc/panw/, and then proceeded with the installation. Once installed, I used the command /opt/traps/bin/cytool checkin to speed up the check-in to Cortex Dashboard. After that, it's working as it's supposed to.
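An added example, not part of the thread and not Palo Alto Networks tooling: a shell triage helper that reads a status table in the layout posted in the question and checks for the /etc/panw/cortex.conf file mentioned in the last reply. The function names and the embedded sample table are constructed for illustration.

```shell
#!/bin/sh
# Triage for an agent that is installed but missing from the console.
# Input is a saved copy of the status table in the layout shown in this
# thread: Name PID User Status Command.

# stopped_daemons: read the table on stdin, print each daemon whose
# Status column is anything other than "Running", one name per line.
stopped_daemons() {
    awk '$1 != "Name" && NF >= 4 && toupper($4) != "RUNNING" { print $1 }'
}

# conf_present: succeed if cortex.conf exists and is non-empty in the
# given directory (default /etc/panw, the path named in the last reply).
conf_present() {
    [ -s "${1:-/etc/panw}/cortex.conf" ]
}

# triage: run both checks, print findings, return 1 if anything was found.
triage() {
    status_table=$1
    conf_dir=${2:-/etc/panw}
    rc=0
    down=$(printf '%s\n' "$status_table" | stopped_daemons | tr '\n' ' ')
    if [ -n "$down" ]; then
        echo "daemons not running: $down"
        rc=1
    fi
    if ! conf_present "$conf_dir"; then
        echo "no usable config at $conf_dir/cortex.conf"
        rc=1
    fi
    return $rc
}

# Constructed sample: the table as posted in the question.
SAMPLE='Name PID User Status Command
pmd 8292 root Running /opt/traps/bin/pmd
analyzerd N/A N/A STOPPED N/A
dypd N/A N/A STOPPED N/A
lted N/A N/A STOPPED N/A'

triage "$SAMPLE" || true
```

A finding here is a prompt to investigate, not proof of a broken agent: the last reply reports the agent checking in while the same daemons still showed as stopped.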