10-01-2022 06:56 AM
We are planning to create a dashboard and report to check if the Cortex agent is disabled on endpoints and servers.
We attempted to create but were unsure which template to use. Could you please assist us with this?
10-02-2022 11:22 AM - edited 10-02-2022 11:23 AM
My suggestion would be to start with a report template by going into Dashboards & Reports->Customize ->Dashboards Manager->+ New Template. There you should find the 'Agent Management Report' template along with an Agent Status Breakdown (attached screenshot for your continence) presenting the number of connected and disconnected agents.
Next, you can use the XQL query below to create a new widget displaying Agents which are disconnected or have lost their connection:
dataset = endpoints | filter endpoint_status = CONNECTION_LOST or endpoint_status = DISCONNECTED
After you've finished creating the widget, you can add it to your custom report/dashboard.
Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!