Create an agent installation package - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Learn how to create a Cortex XDR agent installation package to deploy to your endpoints.

To install the Cortex XDR agent on the endpoint for the first time, create an agent installation package. Review the Where can I install the Cortex XDR agent for supported versions and operating systems.

To install the Cortex XDR agent software, you must use a valid installation package that exists in your Cortex XSIAM management console. If you delete an installation package, new agents installed from this package are not able to register to Cortex XSIAM, however, existing agents may re-register using the Agent ID generated by the installation package.

  1. From Cortex XSIAM, select EndpointsAgent Installations.

  2. Click Create to create a new installer.

  3. Enter a unique name and an optional description to identify the installation package.

    The package name can contain letters, numbers, hyphens, underscores, commas, and spaces, and should not exceed 100 characters.

  4. Select the Package Type:

    • Standalone Installer: Use for fresh installations and to upgrade agents on a registered endpoint that is connected to Cortex XSIAM.

    • Upgrade from ESM: Use this package to upgrade Traps agents which connect to the on-premises Traps Endpoint Security Manager to Cortex XSIAM. For more information, see Migrate from Traps Endpoint Security Manager.Migrate from Traps Endpoint Security Manager

    • (Linux only) Kubernetes Installer: Use for fresh installations and upgrades of Cortex XDR agents running on Kubernetes clusters.

    • Helm Installer: Use this package for fresh installations and upgrades of Cortex XDR agents running on Kubernetes clusters.

  5. Select the platform and relevant settings, and then click Create.

    Cortex XSIAM prepares your installation package and displays it on the Agent Installations page.

  6. Download your installation package.

    When the status of the package shows Completed, right-click the package, and click Download.

Cortex XSIAM provides out-of-the-box exploit and malware protection. However, at minimum, you must enable Data Collection in an Agent Settings profile to leverage endpoint data in Cortex XSIAM apps.