Create an XDR Collector installation package - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-12-02
Category
Administrator Guide
Abstract

Learn how to create an XDR Collector installation package for a Windows or Linux collector machine.

To install a Cortex XDR Collector for the first time, you must first create an XDR Collector installation package. After you create and download an installation package, you can then install it directly on the collector machine or you can use a software deployment tool of your choice to distribute the software to multiple collector machines.

To install the XDR Collector software, you must use a valid installation package that exists in your XDR Collectors console. If you delete an installation package, any XDR Collectors installed from this package are not able to register to Cortex XSIAM .

Note

To move existing XDR Collectors between Cortex XSIAM managing servers, you need to first Uninstall the XDR Collector from the collector machine and then for the new XDR Collector create a new installation package.

To create a new installation package.

  1. In Cortex XSIAM, select Settings 403822_spr.pngConfigurationsXDR CollectorsInstallers.

    xdr-collectors-installations.png
  2. Create a new installation package.

    create-new-installer.png
  3. Enter a unique Name and an optional Description to identify the installation package.

    The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.

  4. Select the Platform for which you want to create the installation package as either Windows or Linux.

  5. Select the Version.

  6. Create the installation package.

    Cortex XSIAM prepares your installation package and makes it available in the XDR Collectors Installations page.

  7. Download your installation package.

    When the status of the package displays Completed, right-click the Collector Version row, and click Download.

    • For a Windows installation, select Download 64 bit installer.

    • For a Linux installation, you can Download Linux RPM installer or Download Linux DEB installer (according to your Linux collector machine distribution), and deploy the installers on the on-premise collector machines using the Linux package manager. Alternatively, you can Download Linux SH installer and deploy it manually on the Linux collector machine.

    Once the applicable installation package is downloaded, you can install the package.

  8. Other available options.

    As needed, you can return to the XDR Collectors Installations page to manage your XDR Collectors installation packages. To manage a specific package, right click the Collector Version, and select the desired action:

    • Edit the package name or description.

    • Delete the installation package. Deleting an installation package does not uninstall the XDR Collector software from any on-premise collector machines.

      Note

      Since Cortex XSIAM relies on the installation package ID to approve XDR Collector registration during install, it is not recommended to delete the installation package for any active on-premise collector machines. Hiding the installation package will remove it from the default list of available installation packages, and can be useful to eliminate confusion in the XDR Collectors console main view. These hidden installation can be viewed by removing the default filter.

    • Copy text to clipboard to copy the text from a specific field in the row of an installation package.

    • Hide installation packages. Using the Hide option provides a quick method to filter out results based on a specific value in the table. You can also use the filters at the top of the page to build a filter from scratch. To create a persistent filter, save (save-icon.png) it.