Learn more about how to set up your Cortex XDR Broker VM on Google Cloud Platform.
You can deploy the Broker VM on Google Cloud Platform. The Broker VM facilitates communication with external services through the installation and setup of applets such as the syslog collector.
To set up the Broker VM on the Google Cloud Platform, you install the VMDK image provided in Cortex XDR.
Download a Cortex XDR Broker VM VMDK image. For more information, see the virtual machine compatibility requirements in Configure the Broker VM.
To complete the setup, you must have the gcloud CLI installed and have an authenticated user account.
Perform the following procedures in the order listed below.
Open a command prompt and run the following:
gcloud config set project <project-id>
To upload the VMDK image to the bucket, run the following:
You can import the GCP image using either the gcloud CLI or the Google Cloud console.
The import tool uses the Cloud Build API, which must be enabled in your project. For image import to work, the Cloud Build service account must have iam.serviceAccountUser roles. When using the Google Cloud console to import the image, you will be prompted to add these permissions automatically.
When Google Compute completes the image creation, create a new instance.
From the Google Cloud Platform, select→ .
Click Create instance.
In the option, choose Custom images and select the image you created.
Set up the instance according to your needs.
If you are using the Broker VM to facilitate only Agent Proxy, use e2-standard-2. If you are using the Broker VM for multiple applets, use e2-standard-4.
From the Google Cloud menu, select → , and click CREATE FIREWALL RULE.
Set the following parameters for the rule:
Name: Name of the rule.
Network: Select the applicable network where the Broker VM resides.
Direction of traffic: Select Ingress (default).
Targets: Select All instances in the network.
Source IPv4 ranges: Enter the IP network of computers that will be connecting to the Broker VM. To include all machines, enter
TCP: Enter port 4443.
The rule is listed under VPC firewall rules.
From the Google Cloud menu, select→ .
For the particular Broker VM containing the rule, select the ellipsis to display More actions, and select View network details.
In the Firewall and routes details section, select the FIREWALLS tab.
Verify that the firewall rule is listed.
You can now connect to the Broker VM web console using the Broker VM IP address. Connect via https over port 4443 using the format