Retrieve Support File Password - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-03-22
Last date published
2023-09-25
Category
Administrator Guide

From agent version 7.8 and above, the Tech Support File (TSF) is generated in a zip format protected by an encrypted password. The TSF file is archived inside another file which also includes a metadata file that contains a token. The token is used to retrieve the password to unzip the TSF file.

  • To retrieve the password for the TSF file from the endpoint, go to the Cortex XDR server from the Tokens and Passwords option.

  • To retrieve the password for the TSF file from the server, go to the Action Center.

  1. Retrieve Support File Password from EndpointsAll Endpoints.

    1. At the top of the page, click the Tokens and Passwords button and select Retrieve Support File Password option.

    2. In the Retrieve Support File Password dialog, in the Encrypted Password field, paste the token that you copied from the metadata file located in the saved file when running the Cytool log collect.

    3. Click the copy button to copy the password displayed and then click Ok. Use the password to unzip the TSF file.

  2. Retrieve Support File Password from Action CenterAll Actions.

    1. Right-click the relevant action of action type Support File Retrieval and select Additional Data.

    2. Right-click the action and select Retrieve Support File Password.

    3. In the Retrieve Support File Password dialog, in the Encrypted Password field, paste the token that you copied from the metadata file located in the download file.

    4. Click the copy button to copy the password displayed and then click Ok. Use the password to unzip the TSF file.