This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Check Cortex XDR Agent status

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Check Cortex XDR Agent status

Nazlikul
L1 Bithead

‎06-05-2023 05:07 AM

Is it still possible to check the status of Cortex agent in registry? I want to check the status on the client side periodically. I know it is possible via cytool but i need to do this periodically on a lot of computers.

I know there was a way on Traps agent via the registry. Is this still possible or are there any other ways?

0 Likes Likes
4 REPLIES 4

fmoixsante
L3 Networker

‎06-05-2023 05:47 AM

Hi @Nazlikul 

 

What would be your use case? Do you have to monitor service uptime? Operational Status? Does the check need to be local? Could the status come from the XDR console? or from the Cortex XDR API?

Nazlikul
L1 Bithead
In response to fmoixsante

‎06-06-2023 07:12 AM

Hi fmoixsante,

I need to be able to check the operational status. I don't care from where I get the status as long as it is the real operational status,

Thank you

0 Likes Likes

fmoixsante
L3 Networker

‎06-06-2023 10:11 AM

Hi @Nazlikul

 

  1. You can monitor Operational Status from the All Endpoints section of the Cortex XDR console by using Filters and Layouts.
  2. You could create a XQL query to look for Operational Status and get the result as a table or add a count function to the query
  3. You could create a Dashboard Widget from a XQL query.
  4. You could copy a Dashboard or create a new one and add the built-in widget Agent Operational Status to it.
  5. You could create a Correlation rule from a XQL query and create Alerts whenever there are agents changing operational status to something you want to be alerted on.
  6. You could use the Cortex XDR API or the Cortex XDR XQL API and also gather the Endpoint or Enpoints information from there.
  7. You could use the Cortex XDR XQL API and also gather the Endpoint or Enpoints information from there.

There are many ways to get the Operational Status, but having a defined use case with requirements would be the most recommended way to receive the best answer.

Nazlikul
L1 Bithead
In response to fmoixsante

‎06-07-2023 05:26 AM

Hi fmoixsante,

 

What can I see as operational status? is it just connected, disconnected etc. or do I get more information?

Thank you

0 Likes Likes
  • 1271 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks