Set an application proxy for Cortex XDR agents - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-07
Category
Administrator Guide
Abstract

Set an application-specific proxy for the Cortex XDR agent without affecting the communication of other applications on the endpoint.

Note

This capability is supported on endpoints with Traps agent 5.0.9 (Windows only) or Cortex XDR agent 7.0 and later releases.

In environments where agents communicate with the Cortex XSIAM server through a wide-system proxy you can set an application-specific proxy for the Traps and Cortex XDR agent without affecting the communication of other applications on the endpoint. You can set the proxy during the agent installation, after installation using Cytool on the endpoint, or from All Endpoints in Cortex XSIAM.

You can assign up to five different proxy servers per agent. The proxy server the agent uses is selected randomly and with equal probability. If communication fails between the agent and the Cortex XSIAM server through the app-specific proxies, the agent resumes communication through the system-wide proxy defined on the endpoint. If that also fails, the agent directly resumes communication with Cortex XSIAM.

How to set an agent proxy in Cortex XSIAM
  1. From Cortex XSIAM, select EndpointsAll Endpoints.

  2. If needed, filter the list of endpoints.

  3. Select the row of the endpoint for which you want to set a proxy.

  4. Right-click the endpoint and select Endpoint ControlSet Agent Proxy.

  5. You can assign up to five different proxies per agent. For each proxy, enter the IP address and port number. For Cortex XDR agents 7.2.1 and later, you can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use all lowercase letters or all uppercase letters. Avoid using special characters or spaces.

    For example, my.network.name:808,YOUR.NETWORK.COM:888,10.196.20.244:8080.

  6. Click Set.

  7. If required, you can Disable Agent Proxy from the right-click menu.

    When you disable the proxy configuration, all proxies associated with that agent are removed. The agent resumes communication with the Cortex XSIAM server through the system-wide proxy. If a system-wide proxy is not defined, the agent resumes direct communication with the Cortex XSIAM server. If neither a system-wide proxy nor direct communication exists, the agent will disconnect from Cortex XSIAM.