
To prevent issues similar to CrowdStrike, we can utilize the delay auto updates configuration mechanism available on the PANW Cortex XDR platform console:

 

  1. Use the agent setting "One release before the latest one". This method ensures that the auto upgrade of the PANW Cortex XDR agent version will be done to one version before the last available version (General Availability), where the PANW Cortex XDR agent version that will be used for auto upgrade deployment has been released at least about 3 months earlier. So this configuration is sufficient to prevent similar issues if the cause is the PANW Cortex XDR agent version upgrade.
  2. By default, the PANW Cortex XDR agent version auto upgrade will be done as a phased rollout (not a big bang to all PANW Cortex XDR agents on laptops and PCs), where by default only up to 500 PANW Cortex XDR agent versions will be auto upgraded per phase each week, according to the number entered into the Amount Of Parallel Upgrades configuration. In addition, the auto upgrade process can also be scheduled for a specific day and specific time range chosen by the customer. It is suggested that the auto upgrade be scheduled for a specific day and time range during which staff can be on standby in case there are problems caused by the PANW Cortex XDR agent version upgrade.
  3. By default, the content update configuration is Auto Update and Immediate. To increase the prevention of similar problems if the cause is the content update version, you can add a delay configuration, where the number of days of delay can be adjusted as needed. It is not recommended that the content update version be delayed for a long time (for example, more than 5 days), so that the PANW Cortex XDR agent can get the new protection coverage available in the new content update version.