Learn more about remotely connecting to a Cortex XDR Broker VM.
Cortex XDR enables you to connect remotely to a Broker VM directly from Cortex XDR.
In Cortex XDR, select Settings → Configurations → Data Broker → Broker VMs table.
Locate the Broker VM you want to connect to, right-click and select Open Live Terminal.
Cortex XDR opens a CLI window where you can perform the following commands:
Broker VM logs are located in the /data/logs/ folder and contain the applet name in the file name.
Example 62. Folder /data/logs/[applet name], containing container_ctrl_[applet name].log
The Broker VM allows commands which do not require sudo.
Example 63. route or ifconfig -a
Broker VM supports the commands listed in the following table. All the commands are located in the /home/admin/sbin folder.
Cortex XDR requires you to use the following values when running commands:
Notice
The only applet that is available with a Cortex XDR Prevent license is the Local Agent Settings. The rest of the applets are only available with a Cortex XDR Pro license.
CSV Collector: file_collector
Database Collector: db_collector
Files and Folders Collector: log_collector
FTP Collector: ftp_collector
Kafka Collector: kafka_collector
Local Agent Settings: tms_proxy
NetFlow Collector: netflow_collector
Network Mapper: network_mapper
Pathfinder: odysseus
Syslog Collector: anubis
Windows Event Collector: wec

Upgrade: zenith_upgrade
Frontend service: webui
Sync with Cortex XDR: cloud_sync
Internal messaging service (RabbitMQ): rabbitmq-server
Upload metrics to Cortex XDR: metrics_uploader
Prometheus node exporter: node_exporter
Backend service: backend
The following table displays the available commands in alphabetical order:
| Command | Description | Example |
|---|---|---|
| applets_restart | Restarts one or more applets. | sudo ./applets_restart wec |
| applets_start | Start one or more applets. | sudo ./applets_start wec |
| applets_status | Check the status of one or more applets. | sudo ./applets_status wec |
| applets_stop | Stop one or more applets. | sudo ./applets_stop wec |
| hostnamectl | Check and update the machine hostname on a Linux operating system. | sudo ./hostnamectl set-hostname <new_host_name> (restart the machine after running the command) |
| kill | Linux kill command. | sudo ./kill [some pid] |
| restart_routes | Invoke a restart of the routing service after updating your static network route configuration file, /etc/network/routes. The /etc/network/routes configuration file is a standard Ubuntu routes configuration file and can be edited directly. The admin user that you logged in with, when using the remote terminal or via SSH, has read/write permissions to this file. Note: You can either run restart_routes or reboot the Broker VM for the changes in the /etc/network/routes file to take effect. | sudo ./restart_routes |
| route | Modify your IP address routing. | sudo ./route |
| services_restart | Restarts one or more services. OS services are not supported. | sudo ./services_restart cloud_sync |
| services_start | Start one or more services. | sudo ./services_start cloud_sync |
| services_status | Check the status of one or more services. | sudo ./services_status cloud_sync |
| services_stop | Stop one or more services. | sudo ./services_stop cloud_sync |
| set_ui_password.sh | Change the password of the Broker VM Web UI. Run the command, enter the new password followed by Ctrl+D. | sudo ./set_ui_password.sh |
| squid_tail | Display the Proxy applet Squid log file in real-time. | sudo ./squid_tail |
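
The applet and service values above decide which command family applies. The following helper is an added example, not Palo Alto Networks code: it validates targets against the values listed on this page and prints the matching command lines and applet log path without running anything. The function names are hypothetical, and it assumes that applets_* commands take applet values and services_* commands take service values.

```bash
#!/usr/bin/env bash
# Added example, not Palo Alto Networks code. Function names are hypothetical.
# Assumption: applets_* commands take the applet values listed on this page
# and services_* commands take the service values.
APPLETS="file_collector db_collector log_collector ftp_collector kafka_collector \
tms_proxy netflow_collector network_mapper odysseus anubis wec"
SERVICES="zenith_upgrade webui cloud_sync rabbitmq-server metrics_uploader \
node_exporter backend"

# in_list NAME ITEM... : succeeds only on an exact match with one ITEM
in_list() {
  local needle item
  needle=$1; shift
  for item in "$@"; do [ "$item" = "$needle" ] && return 0; done
  return 1
}

# broker_cmd ACTION TARGET... : prints one command line per target, to be run
# from /home/admin/sbin. Prints nothing on stdout if any part is rejected.
broker_cmd() {
  local action t
  action=${1:-}; [ $# -gt 0 ] && shift
  in_list "$action" start stop restart status ||
    { echo "unknown action: $action" >&2; return 2; }
  [ $# -gt 0 ] || { echo "no target given" >&2; return 2; }
  # Validate every target first; OS services and typos are rejected here.
  for t in "$@"; do
    in_list "$t" $APPLETS $SERVICES ||
      { echo "not a listed applet or service: $t" >&2; return 3; }
  done
  for t in "$@"; do
    if in_list "$t" $APPLETS; then printf 'sudo ./applets_%s %s\n' "$action" "$t"
    else printf 'sudo ./services_%s %s\n' "$action" "$t"; fi
  done
}

# broker_log_path APPLET : prints the applet's container control log path
broker_log_path() {
  in_list "$1" $APPLETS || { echo "not a listed applet: $1" >&2; return 3; }
  printf '/data/logs/%s/container_ctrl_%s.log\n' "$1" "$1"
}

broker_cmd status wec cloud_sync   # demo: one applet, one service
```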