Activate the Database Collector

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-10-31
Last date published: 2024-03-18
Category: Administrator Guide
Abstract

Learn more about activating a broker VM with a Database Collector applet.

Notice

Ingesting Logs and Data from external sources requires a Cortex XDR Pro per GB license.

The Broker VM provides a Database Collector applet that enables you to collect data from a client relational database directly to your log repository for query and visualization purposes. After you activate the Database Collector applet on a Broker VM in your network, you can collect records as datasets (<Vendor>_<Product>_raw) by defining the following:

  • Database connection details, where the connection type can be MySQL, PostgreSQL, MSSQL, or Oracle. Cortex XDR uses Open Database Connectivity (ODBC) to access the databases.

  • Settings related to the query details for collecting the data from the database to monitor and upload to Cortex XDR.

Danger

Before activating the Database Collector applet, review and perform the following:

  1. Select Settings → Configurations → Data Broker → Broker VMs.

  2. In either the Brokers tab or the Clusters tab, locate your Broker VM.

  3. You can either right-click the Broker VM and select Add App → DB Collector, or in the APPS column, left-click Add → DB Collector.

  4. Configure your Database Collector settings.

  5. (Optional) Add Connection to define another database connection to collect data from another client relational database.

  6. (Optional) Other available options.

    As needed, you can return to your Database Collector settings to manage your connections. Here are the actions available to you.

    • Edit the connection name by hovering over the default Collection name, and selecting the edit icon to edit the text.

    • Edit the query name by hovering over the default Query name, and selecting the edit icon to edit the text.

    • Disable/Enable a query by hovering over the top area of the query section, on the opposite side of the query name, and selecting the applicable button.

    • Delete a connection by hovering over the top area of the connection section, on the opposite side of the connection name, and selecting the delete icon. You can only delete a connection when you have more than one connection configured. Otherwise, this icon is not displayed.

    • Delete a query by hovering over the top area of the query section, on the opposite side of the query name, and selecting the delete icon. You can only delete a query when you have more than one query configured. Otherwise, this icon is not displayed.

  7. Activate the Database Collector applet.

    After a successful activation, the APPS field displays DB with a green dot indicating a successful connection.

  8. (Optional) To view metrics about the Database Collector, left-click the DB connection in the APPS field for your Broker VM.

    Cortex XDR displays Resources, including the amount of CPU, Memory, and Disk space the applet is using.

  9. Manage the Database Collector.

    After you activate the Database Collector, you can make additional changes as needed. To modify a configuration, left-click the DB connection in the APPS column to display the Database Collector settings, and select:

    • Configure to redefine the Database Collector configurations.

    • Deactivate to disable the Database Collector.

    You can also Ingest Database Data as Datasets.