Static groups limited to 250 endpoints in Cortex XDR Pro?


L3 Networker

When I tried to add an endpoint to a static group with 250 endpoints, the 'save static group' button greyed out.

The documentation says:

 

  • Static—Select specific registered endpoints that you want to include in the endpoint group. Use the filters, as needed, to reduce the number of results.

    When you create a static endpoint group from a file, the IP address, hostname, or alias of the endpoint must match an existing agent that has registered with Cortex XDR. You can select up to 250 endpoints.

This group was not created from a file.

It appears that this is the limit for any static group.

 

Am I missing something here?

 

Thanks

4 REPLIES

L5 Sessionator

Hello,

Thank you for writing to Live Community.

 

Could you please confirm whether your file meets the prerequisites below?

1. Upload From File, using plain text files with a new line separator, to populate a static endpoint group from a file containing IP addresses, hostnames, or aliases.

2. When you create a static endpoint group from a file, the IP address, hostname, or alias of the endpoint must match an existing agent that has registered with Cortex XDR. You can select up to 250 endpoints.

 
Ashutosh Patil

With all due respect, please re-read my post.

I noted that the group was not created from a file.

Thanks for trying...

Tom

L3 Networker

Hi PC-TomS, 

 

You are correct. The limit for a static group is 250 endpoints whether you are creating the static group from a file or by selecting endpoints in the UI. Reference Define Endpoint Groups • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documentat...

 

If you are experiencing an issue, please open a support case to troubleshoot.  

 

If you found this response helpful, please like and Accept as Solution. 

 

Thank you!

If you found this answer helpful, please select Accept as Solution.

I personally think they should just get rid of the limit.  Dynamic groups do not have it, so why should static groups?

 

We used static groups with different policies to switch our production assets from report to protect mode and were stymied when we reached 250 endpoints and could not add more.

 

That said, I think the documentation should be reworded similarly to what I put below...

 

Determine the endpoint properties for creating an endpoint group:

  • Dynamic—Use the filters to define the criteria you want to use to dynamically populate an endpoint group. Dynamic groups support multiple criteria selections and can use AND or OR operators. For endpoint names and aliases, and domains and workgroups, you can use * to match any string of characters. As you apply filters, Cortex XDR displays any registered endpoint matches to help you validate your filter criteria.

  • Static (Note: Static groups are limited to 250 endpoints) Select specific registered endpoints that you want to include in the endpoint group. Use the filters, as needed, to reduce the number of results.

    When you create a static endpoint group from a file, the IP address, hostname, or alias of the endpoint must match an existing agent that has registered with Cortex XDR. You can select up to 250 endpoints.

Tom
