Broker VM Notifications - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product
Cortex XDR
License
Prevent
Creation date
2023-10-31
Last date published
2024-02-28
Category
Administrator Guide
Abstract

Learn about the notifications that are relevant to Cortex XDR Broker VMs.

To help you effectively monitor your Broker VM version, connectivity, and high availability clusters, Cortex XDR sends notifications to the Notification Center in your Cortex XDR console.

Cortex XDR sends the following notifications:

  • New Broker VM Version—Notifies when a new Broker VM version has been released.

    • If the Broker VM Auto Upgrade is disabled, the notification includes a link to the latest release information. It is recommended that you upgrade to the latest version.

    • If the Broker VM Auto Upgrade is enabled, 12 hours after the release you are notified either of the latest upgrade or that the upgrade failed. If the upgrade failed, open a Palo Alto Networks Support Ticket.

  • Broker VM Connectivity—Notifies when the Broker VM has lost connectivity to Cortex XDR.

  • Broker VM Disk Usage—Notifies when the Broker VM is utilizing over 90% of the allocated disk space.

  • Applet Activated—Notifies when an applet is activated on a cluster.

  • Applet Deactivated—Notifies when an applet is deactivated on a cluster.

  • Applet configuration—Notifies when the configuration of an applet on a cluster was updated.

  • Add Cluster—Notifies when a cluster was added.

  • Remove Cluster—Notifies when a cluster was removed.

  • Cluster Configuration

    • Notifies when a Broker VM node was added to a cluster.

    • Notifies when a Broker VM node was removed from a cluster.

    • Notifies when the configuration for the cluster needs to be set.

  • Cluster health declined

    • Notifies when an available standby Broker VM node could not be detected in the cluster.

    • Notifies when critical errors are detected in the cluster and there is no available standby Broker VM node for failover.

  • Cluster health recovered—Notifies when an available standby Broker VM node is detected in the cluster.

  • Cluster failover

    • Notifies when a failover is initiated in the cluster from one Broker VM node to another.

    • Notifies when a failover completed successfully. The Broker VM is now Primary in the cluster.

    • Notifies when a failover in the cluster completed with errors; the notification includes the error message.

    • Notifies when a failover could not be performed in the cluster because there is no available standby node with sufficient redundancy.

To ensure you and your colleagues stay informed about Broker VM activity, you can also Configure Notification Forwarding to forward your Broker audit logs to an email distribution list or Syslog server. For more information about the Broker VM audit logs, see Monitor Broker VM Activity.