Clear Agent Database - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-10-13
Category
Administrator Guide
Abstract

Clear the Cortex XDR agent database

In cases where your Cortex XDR agent is having issues, you can attempt a reset by clearing the Cortex XDR agent state of one or more endpoints.

Note

Clearing the agent database is supported on all platforms with Cortex XDR agent version 7.9 or above and is available only when using the debugging mode.

Clearing the agent database is available only when using the debugging mode, and can be tracked in the Action Center.

  1. Clear Agent Database

    1. Navigate to EndpointsAll Endpoints and select one or more endpoints for which you want to clear the database.

    2. ALT+Right-Click, in macOS Option+Right-Click, to open the context menu in debugging mode.

    3. Navigate to Endpoint ControlClear Agent Database.

  2. Track Clear Database Action

    1. Navigate to Incident ResponseResponseAction Center.

    2. In the All Actions table, filter the Action Type field according to Agent Database Cleanup.

      Note

      You can only right-click to cancel the clear agent database for actions with Status Pending.