Add an Applet to a Cluster - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product
Cortex XDR
License
Prevent
Creation date
2024-07-16
Last date published
2024-10-14
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Learn more about adding an applet to a High Availability cluster.

You can add an applet to a high availability (HA) cluster from the Clusters tab of the Brokers VM page.

You can always add an applet to a cluster, even if the cluster status is Unavailable or Error. When an applet is added to a cluster without any Broker VM nodes, the cluster status is Unavailable and the cluster APPS status displays as Inactive.

  1. Select SettingsConfigurationsData BrokerBroker VMs, and select the Clusters tab.

  2. In the Clusters table, locate the cluster that you want to add an applet.

  3. You can either right-click the cluster, and select Add App<name of applet>, or in the APPS column, left-click Add<name of applet>.

    The applet is only available for you to add to the cluster if it hasn't already been added.

    Note

    With Cortex XDR Prevent, it's only relevant to configure a HA cluster with a Local Agent Settings applet as this is the only applet supported for this product license. The other applets are collector applets, which are only available in Cortex XDR Pro or Cortex XSIAM.

  4. Configure your applet.

    The various applets that you can configure are the same as when configuring a standalone Broker VM. For more information on a particular applet configuration, locate the applet in the Set up Broker VM section, and follow the applicable instructions for configuring the applet parameters.

    The applet is listed with a status indicator in the APPS column, where the colors depict the following statuses.

    Once the applet configuration is changed in a cluster, the changes are automatically applied to the cluster nodes depending on the applet and cluster node role. For example, if you add the Kafka Collector, which is an "active/passive" applet, the applet is automatically initiated and enters an active state on the Primary node and is on standby on the standby nodes. While if you add the Syslog Collector "active/active" applet, the changes automatically propogate so that the applet is active on all cluster nodes, including Primary and standby.