I hope you are all staying safe and doing great.
I noticed that at each 5-minute check-in, the Cortex XDR agents get 22MB back from the cloud.
I think this is a considerable amount of data if there's no policy/content update to be sent from the Cortex XDR cloud to the agents.
This is happening for each agent and it's impacting the network.
Does anyone know if it is expected to receive this amount of data from the Cortex cloud at each check-in?
Thank you in advance.
From memory, that seems about right for the latest agents. If you go into your settings on your XDR instance, there is an option for content bandwidth management that you can enable and set a max allocation for, along with an auto-upgrade schedule and agent amount that are customizable, which can help you save bandwidth if that's needed.
I believe that this is the limit of managing bandwidth usage by the agents, however.
@BPry Thank you for your answer.
The traffic has now stabilized, but on the day EDR data collection was enabled there was a high increase in received traffic.
Do you know if it's normal that the very first time EDR data collection is enabled, it causes high bandwidth consumption that stabilizes after some hours?
That's an important piece of the puzzle, but yes, that's expected, as your clients were doing the initial data upload with all of the additional EDR collection records.