Clear agent database - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-10-01
Category
Administrator Guide
Abstract

Learn how to clear the Cortex XDR agent database.

In cases where your Cortex XDR agent is having issues, you can attempt a reset by clearing the Cortex XDR agent state of one or more endpoints.

Note

Clearing the agent database is supported on all platforms with Cortex XDR agent version 7.9 or later and is available only when using the debugging mode.

Clearing the agent database is available only when using the debugging mode, and can be tracked in the Action Center.

  1. Clear Agent Database

    1. Navigate to EndpointsAll Endpoints and select one or more endpoints for which you want to clear the database.

    2. ALT+Right-Click, in macOS Option+Right-Click, to open the context menu in debugging mode.

    3. Navigate to Endpoint ControlClear Agent Database.

  2. Track Clear Database Action

    1. Navigate to Incident ResponseResponseAction Center.

    2. In the All Actions table, filter the Action Type field according to Agent Database Cleanup.

      Note

      You can only right-click to cancel the clear agent database for actions with a pending status.