Learn how to retrieve the password to access files from the Tech Support File (TSF), which is generated in a zip format protected by an encrypted password.
From Cortex XDR agent version 7.8 and later, the Tech Support File (TSF) is generated in a zip format protected by an encrypted password. The TSF file is archived inside another file which also includes a metadata file that contains a token. The token is used to retrieve the password to unzip the TSF file.
To retrieve the password for the TSF file from the endpoint, go to the Cortex XSIAM server from the Tokens and Passwords option.
To retrieve the password for the TSF file from the server, go to the Action Center.
Retrieve Support File Password from → .
At the top of the page, click Tokens and Passwords and select Retrieve Support File Password.
In the Retrieve Support File Password dialog box, in the Encrypted Password field, paste the token that you copied from the metadata file located in the saved file when running the Cytool log collect.
Click the copy button to copy the password displayed and then click Ok. Use the password to unzip the TSF file.
Retrieve Support File Password from → .
Right-click the relevant action of action type Support File Retrieval and select Additional Data.
Right-click the action and select Retrieve Support File Password.
In the Retrieve Support File Password dialog box, in the Encrypted Password field, paste the token that you copied from the metadata file located in the download file.
Click the copy button to copy the password displayed and then click Ok. Use the password to unzip the TSF file.