Set an application proxy for XDR Collectors - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Cortex XDR
Creation date
Last date published
Administrator Guide

You can set an application-specific proxy for a Cortex XDR Collector without affecting the communication of other applications on the collector machine.

In environments where Cortex XDR Collectors communicate with the Cortex XDR server through a wide system proxy you can set an application-specific proxy for the XDR Collector without affecting the communication of other applications on the collector machine. You can set the proxy after installation from the XDR Collectors Administration page in Cortex XDR as described in this topic. You can assign up to ten different proxy servers per XDR Collector. The proxy server the agent uses is selected randomly and with equal probability. If the communication between the XDR Collector and the Cortex XDR sever through the app-specific proxies fails, the XDR Collector resumes communication through the system-wide proxy defined on the collector machine. If that fails as well, the XDR Collector resumes communication with Cortex XDR directly.

  1. In Cortex XDR, select SettingsConfigurationsXDR CollectorsAdministration.

  2. If needed, filter the list of on-premise collector machines.

  3. Set an agent proxy.

    1. Select the row of the on-premise collector machine that you want to set a proxy.

    2. Right-click the collector machine and select Set Collector proxy.

    3. You can assign up to ten different proxies per XDR Collector. For each proxy, specify the IP address and port number. After each Proxy Address and Port added, select blue-arrow.png to add the values to a list underneath these fields. Broker VM's in the same tenant can also be configured to use as a proxy, by enabling Agent proxy in the Broker VMs.

    4. Click Set when you’re done.

    5. If necessary, you can later Disable Collector Proxy from the right-click menu.

      When you disable the proxy configuration, all proxies associated with that XDR Collector are removed. The XDR Collector resumes communication with the Cortex XDR sever through the wide-system proxy if defined, otherwise if a wide-system is not defined the XDR Collector resumes communicating directly with the Cortex XDR server. If neither a wide-system proxy nor direct communication exist and you disable the proxy, the XDR Collector disconnects from Cortex XDR .