What is the Broker VM? - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-10-01
Category
Administrator Guide
Abstract

Learn about the Cortex XDR Broker virtual machine (VM) and why use it in your network configuration.

The Palo Alto Networks Broker VM is a secured virtual machine, integrated with Cortex XDR, that bridges your network and Cortex XDR. By setting up the Broker VM, you establish a secure connection in which you can route your endpoints, collect logs, and forward logs and files for analysis.

Cortex XDR can leverage the Broker VM to run different services separately using the same Palo Alto Networks authentication. After you complete the initial setup, the Broker VM automatically receives updates and enhancements from Cortex XDR, providing you with new capabilities without having to install a new VM or manually update the existing VM.

Broker_VM_overview_XDR.png

According to your Cortex XDR license, the following figure illustrates the different Broker VM features that could be available on your organization side:

Broker_VM_Flow_Chart_XDR.png