Not able to see Asset in Cortex portal.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Not able to see Asset in Cortex portal.

L0 Member

Not able to see Asset in Cortex portal. Cortex XDR agent is installed on Asset.
Asset is a Ubuntu 28.04 VM on GCP, having access to internet.

 

root@dev-vcs-martin1:/var/log/traps# dpkg -l | grep cortex-agent
ii cortex-agent 7.9.0.82606 amd64 Palo Alto Networks Cortex XDR(tm) endpoint security agent

root@dev-vcs-martin1:/var/log/traps# /opt/traps/bin/cytool runtime start all
Name PID User Status Command
pmd 8292 root Running /opt/traps/bin/pmd
analyzerd N/A N/A STOPPED N/A
dypd N/A N/A STOPPED N/A
lted N/A N/A STOPPED N/A

root@dev-vcs-martin1:/var/log/traps# /opt/traps/bin/cytool enum
-----------------------------------
Cortex XDR list of protected processes:
-----------------------------------
PID CMD UID
root@dev-vcs-martin1:/var/log/traps#

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @vikas-ven ,

 

Thank you for writing to live community!

 

Since this is a public forum, we recommend you not to expose internal data and metrics which would be specific to your environment and we appreciate your anonymity assistance. 

 

As per your query, as you can see that all the cortex xdr processes except pmd are stopped on the endpoint, the agent service is not running and hence cannot communicate to the cloud server. 

 

Since you are using agent 7.9, you can also try looking for connectivity test by performing cytool commands as cytool connectivity_test. This should give you insights whether the service is running or not. 

 

Additionally, you can retrieve TSF from the endpoint and open a case with out support team for detailed investigation as needed.

 

Please mark this response as "Accept as Solution" if it helps to answer your query.

 

Regards

View solution in original post

2 REPLIES 2

L5 Sessionator

Hi @vikas-ven ,

 

Thank you for writing to live community!

 

Since this is a public forum, we recommend you not to expose internal data and metrics which would be specific to your environment and we appreciate your anonymity assistance. 

 

As per your query, as you can see that all the cortex xdr processes except pmd are stopped on the endpoint, the agent service is not running and hence cannot communicate to the cloud server. 

 

Since you are using agent 7.9, you can also try looking for connectivity test by performing cytool commands as cytool connectivity_test. This should give you insights whether the service is running or not. 

 

Additionally, you can retrieve TSF from the endpoint and open a case with out support team for detailed investigation as needed.

 

Please mark this response as "Accept as Solution" if it helps to answer your query.

 

Regards

L1 Bithead

In my case, I still see those services disabled, but at least now I see the agent reporting to Cortex Dashboard.

What I did different was, uninstall the Cortex XDR Agent, then I copied the config file cortex.conf to this directory that I had to create /etc/panw/ and then proceeded with the installation, onces installed I used the command /opt/traps/bin/cytool checkin to speed up the checking to Cortex Dashboard, after that, its working as it's supposed to.

Ing. Angel Gonzalez
  • 1 accepted solution
  • 1901 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!