Hi @Seka if your endpoint is not connected, run the following commands to identify if XDR is running.
cytool runtime query
- If this is a fresh installation, I'd recommend you to uninstall and reinstall the agent to see if it works, assuming this endpoint has the same network access levels as others in your tenant.
- Otherwise, try using the command "cytool reconnect force <distribution ID>", where the ID can be obtained from the Agent Installations page (you can also create a new one).
- Does a reboot help?
If the aforementioned steps fail, please raise a support ticket at
support.paloaltonetworks.com. Please retrieve the TSF logs from the endpoint itself and upload it to the portal.
Ensure your endpoint agent has access to internet (host firewalls, perimeter firewalls, corporate proxies etc.). Check if this is an isolated incident with one endpoint/few endpoints or if it is happening with all endpoints in your estate.
Ref: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-6/cortex-xdr-agent-admin/cortex-xdr-agent-for-...
