04-27-2025 10:03 PM
Hi,
We are using Cortex XSIAM. Currently, some Microsoft Windows 10 and 11 agents are not receiving updates, indicating that they will soon become outdated. I concur that the majority of the machines lack network connectivity. However, is it possible that the moment it gets connected to the internet, the agent automatically gets updated, either by pulling the new agent version or by pushing the agent?
04-27-2025 10:13 PM
You're right. In XSIAM (and XDR, since the agent management behavior is similar), yes: once a Windows 10/11 machine that had no internet regains internet connectivity, the agent can automatically update, depending on a few conditions:
Pull Method (Default Behavior):
The agent checks in with the Cortex XSIAM backend regularly. If there's a new agent version assigned to its upgrade policy, it will download and install the new version automatically.
Push Method (Manual or Scheduled):
Alternatively, you can push an update command from the XSIAM console once the device is back online, to force an immediate upgrade.
04-27-2025 10:18 PM
Hi Suresh,
Thanks for your prompt reply.
How can we schedule an update command from the XSIAM console once the device is back online?
Regards,
Osama
04-27-2025 10:24 PM
Steps to Schedule or Push an Agent Update in Cortex XSIAM:
1. Go to: Endpoints → Agent Management → Agent Versions
2. Find your Endpoint(s): Use filters to find the machines that are outdated or running older agent versions.
3. Select the Endpoint(s): Check the box next to the device(s) you want to upgrade.
4. Click on Actions → Upgrade Agent
5. Choose Upgrade Options:
   - Immediate Upgrade: If you want the update to happen as soon as the machine is online and checks in.
   - Scheduled Upgrade: You can set a future time and date for the upgrade to happen. Example: "Upgrade during maintenance window at 2 AM."
   - Grace Period Settings (optional): Set a delay after the agent comes online before upgrading.
6. Confirm and Save: Cortex XSIAM will wait until the device is online and then trigger the upgrade according to your settings.