Set an application proxy for Cortex XDR agents - Set an application-specific proxy for the Cortex XDR agent without affecting the communication of other applications on the endpoint. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation
Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-11
Category
Administrator Guide
Abstract

Set an application-specific proxy for the Cortex XDR agent without affecting the communication of other applications on the endpoint.

In environments where agents communicate with the Cortex XSIAM server through a wide-system proxy you can set an application-specific proxy for the Cortex XDR agent without affecting the communication of other applications on the endpoint. You can set the proxy during the agent installation, after installation using Cytool on the endpoint, or from All Endpoints in Cortex XSIAM.

You can assign up to 10 different proxy servers per agent. The proxy server the agent uses is selected randomly and with equal probability. If communication fails between the agent and the Cortex XSIAM server through the app-specific proxies, the agent resumes communication through the system-wide proxy defined on the endpoint. If that also fails, the agent directly resumes communication with Cortex XSIAM.

When adding a proxy server, ensure it is in the Network Isolation Allow List if required. See Set up agent setting profiles, Response Actions.

Warning

If adding a proxy to the allow list be aware of the following:

  • This allows any application on the isolated endpoint to communicate through that proxy, potentially allowing a threat actor or malware to bypass the isolation and reach external resources.

  • Ensure that no other non-security applications are utilizing this proxy if you choose to allow it.

How to set an agent proxy in Cortex XSIAM

  1. From Cortex XSIAM, select InventoryEndpointsAll Endpoints.

  2. If needed, filter the list of endpoints.

  3. Select the row of the endpoint for which you want to set a proxy.

  4. Right-click the endpoint and select Endpoint ControlSet Agent Proxy.

  5. You can assign up to 10 different proxies per agent. For each proxy, enter the IP address and port number. You can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use all lowercase letters or all uppercase letters. Avoid using special characters or spaces.

    For example, my.network.name:808,YOUR.NETWORK.COM:888,10.196.20.244:8080.

  6. Click Set.

  7. If required, you can Disable Agent Proxy from the right-click menu.

    When you disable the proxy configuration, all proxies associated with that agent are removed. The agent resumes communication with the Cortex XSIAM server through the system-wide proxy. If a system-wide proxy is not defined, the agent resumes direct communication with the Cortex XSIAM server. If neither a system-wide proxy nor direct communication exists, the agent will disconnect from Cortex XSIAM.