Edit Your Broker VM Configuration - Administrator Guide - Cortex XDR - Cortex XSIAM - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published

After configuring and registering your broker VM, select SettingsConfigurationsData BrokerBroker VMs to edit existing configurations and define additional settings.

  1. In the Broker VMs table, locate your broker VM, right-click and select Configure.

    If the broker VM is disconnected, you can only View the configurations.

  2. In the Broker VM Configurations window, define the following settings:

    • Edit the existing Network Interfaces, Proxy Server, NTP Server, and SSH Access configurations.

    • (Requires Broker VM 8.0 and later) Device Name.

      -Device Name—Change the name of your broker VM device name by selecting the pencil icon. The new name will appear in the Broker VMs table.

      -FQDN—Set your Broker VM FQDN as it will be defined in your Domain Name System (DNS). This enables connection between the WEF and WEC, acting as the subscription manager. The Broker VM FQDN settings affect the WEC and Agent Installer and Content Caching.

    • (Requires Broker VM 8.0 and later) (Optional) Internal Network

      Specify a network subnet to avoid the broker VM dockers colliding with your internal network. By default, the Network Subnet is set to


      Internal IP must be:

      • Formatted as prefix/mask, for example

      • Must be within /8 to /24 range.

      • Cannot be configured to end with a zero.

      For Broker VM version 9.0 and lower, Cortex XDR will accept only

    • Auto Upgrade

      Enable or Disable automatic upgrade of the broker VM. By default, auto upgrade is enabled at Any time for all 7 days of the week, but you can also set the Days in Week and Specific time for the automatic upgrades. If you disable auto-upgrade, new features and improvements will require manual upgrade.

    • Monitoring

      Enable or Disable of local monitoring of the broker VM usage statistics in Prometheus metrics format, allowing you to tap in and export data by navigating to http://<broker_vm_address>:9100/metrics/. By default, monitoring your broker VM is disabled.

    • (Optional) SSH Access

      • (For Broker VM 7.4.5 and earlier) Enable/Disable ssh Palo Alto Networks support team SSH access by using a Cortex XDR token.

        Enabling allows Palo Alto Networks support team to connect to the broker VM remotely, not the customer, with the generated password. If you use SSL decryption in your firewalls, you need to add a trusted self-signed CA certificate on the broker VM to prevent any difficulties with SSL decryption. For example, when configuring Palo Alto Networks NGFW to decrypt SSL using a self-signed certificate, you need to ensure the broker VM can validate a self-signed CA by uploading the cert_ssl-decrypt.crt file on the broker VM.


        Make sure you save the password before closing the window. The only way to re-generate a password is to disable ssh and re-enable.

      • (Requires Broker VM 14.0.42 and later) Customize the login banner displayed, when logging into SSH sessions on the broker VM in the Welcome Message field by overwriting the default welcome message with a new one added in the field. When the field is empty, the default message is used.

    • Broker UI Password

      Reset your current Broker VM Web UI password. Define and Confirm your new password. Password must be at least 8 characters.

    • (Requires Broker VM 10.1.9 and later) (Optional) In the SSL Server Certificate section, upload your signed server certificate and key to establish a validated secure SSL connection between your endpoints and the broker VM. When you configure the server certificate and the key files in the tenant UI, Cortex XDR automatically updates them in the Broker VM UI, even when the Broker VM UI is disabled.

      Cortex XDR validates that the certificate and key match, but does not validate the Certificate Authority (CA).

  3. Save your changes.