Troubleshooting Resources for Mac - Administrator Guide - 7.9 - 7.8 - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent Administrator Guide

Product
Cortex XDR
Cortex XDR Agent
Version
7.8
Creation date
2022-08-31
Last date published
2023-04-30
End_of_Life
EoL
Category
Administrator Guide

Resource

Description

Processes

Launch Daemons:

  • /Applications/Cortex XDR.app/Contents/MacOS/Cortex XDR

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/authorized

Launch Agents:

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/Cortex XDR Agent.app/Contents/MacOS/Cortex XDR Agent

System Extensions:

  • com.paloaltonetworks.traps.securityextension

  • com.paloaltonetworks.traps.networkextension

Cortex XDR agent console log

Indicates information, warnings, and errors related to the agent console. The Console log is located in the following folder on the endpoint:

  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/agent/

  • macOS 10.12 and later releases—View logs from the Console application in /Library/Logs/PaloAltoNetworks/Cortex XDR/.

Cortex XDR agent service log

Indicates information, warnings, and errors related to Cortex XDR. The Service log is located in the following folder on the endpoint:

  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/

  • macOS 10.12 and later releases—View logs from the Console application in /Library/Logs/PaloAltoNetworks/Cortex XDR/.

Supervisor Command Line Tool (cytool)

Allows you to manage agent features and perform advanced troubleshooting on the local endpoint from a command line interface. For more information, see Cytool for Mac.