The Cortex XDR agent for Linux has the following requirements:
| REQUIREMENT | MINIMUM SPECIFICATION |
|---|---|
| Processor | 2.3 GHz |
| RAM | 4GB; 8GB recommended |
| Hard disk space | 10GB |
| Architecture | x86 64-bit |
| Operating system versions | See Where can I install the Cortex XDR Agent? in the Palo Alto Networks® Compatibility Matrix. |
| Kernel version | 2.6.32. To perform malware analysis of ELF files, and collect data for EDR and behavioral threat analysis, the Cortex XDR agent for Linux requires a supported kernel version of 3.4 or later, as listed in: Cortex XDR Agent 7.0.3 Supported Kernel Versions by Distribution; Cortex XDR Agent 7.0.2 Supported Kernel Versions by Distribution; Cortex XDR Agent 7.0.1 Supported Kernel Versions by Distribution; Cortex XDR Agent 7.0.0 Supported Kernel Versions by Distribution. If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode: the agent will obtain a verdict for the executed ELF file in parallel to its execution and terminate it if a malware verdict is obtained. In addition, data collection for EDR and behavioral threat protection will not be supported. In the Cortex XDR agent 7.0.1 release, on endpoints running RHEL, CentOS, or Oracle 8 kernels, you must disable UEFI Secure Boot on the machine. Otherwise, the Cortex XDR agent will operate in asynchronous mode as explained above. |
| Software packages | ca-certificates; openssl 1.0.0 or a later release. Distributions with SELinux in enforcing or permissive mode: Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python; Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel; SUSE—policycoreutils-python and selinux-policy-devel; Debian and Ubuntu—policycoreutils and selinux-policy-dev. glibc—Required for exploit protection of containerized processes using the ROP Mitigation and Brute Force Protection modules. If glibc is not installed, the modules are disabled but all other exploit and malware protection functionality works as expected. |
| Networking | Allow communication on the TCP port from the Cortex XDR agent to the server (the default is port 443). Allow the Cortex XDR management console and agent to communicate with external and internal resources required for enforcing endpoint protection. See the Cortex XDR Administrator Guide for your license type (Enable Access with Cortex XDR Prevent or Enable Access with Cortex XDR Pro per Endpoint). |
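
The kernel, architecture, RAM, openssl and Secure Boot rows of the table, as an added pre-install check (example code written for this page, not Palo Alto Networks tooling). `kernel_mode` classifies a `uname -r` string as unsupported, asynchronous mode, or a candidate for full protection that must still appear on the supported-kernel list; the function names and the 10% RAM tolerance are assumptions.

```shell
#!/bin/sh
# Added example: pre-install check for the requirements in the table above.
# Function names and the RAM tolerance are assumptions, not vendor tooling.

# ver_ge A B: succeed when dotted version A >= B (first three numeric fields).
ver_ge() {
    # ${x%%[!0-9.]*} drops suffixes such as "-754.el6.x86_64" or the "k" in 1.1.1k
    awk -v a="${1%%[!0-9.]*}" -v b="${2%%[!0-9.]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_mode RELEASE: map a `uname -r` string to the behaviour the table describes.
kernel_mode() {
    if ! ver_ge "$1" 2.6.32; then echo unsupported
    elif ! ver_ge "$1" 3.4; then echo asynchronous      # no EDR/behavioral data collection
    else echo check-supported-list                      # 3.4+ must still be a listed kernel
    fi
}

preflight() {
    rc=0; kr=$(uname -r)
    [ "$(uname -m)" = x86_64 ] || { echo "FAIL arch $(uname -m): need x86 64-bit"; rc=1; }
    # MemTotal excludes firmware/kernel-reserved memory; 10% slack under 4GB is an assumption
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    [ "${mem_kb:-0}" -ge 3774873 ] || { echo "FAIL RAM ${mem_kb:-?} kB: need 4GB"; rc=1; }
    case $(kernel_mode "$kr") in
        unsupported)  echo "FAIL kernel $kr: below 2.6.32"; rc=1 ;;
        asynchronous) echo "WARN kernel $kr: below 3.4, agent runs in asynchronous mode" ;;
        *)            echo "INFO kernel $kr: confirm it is listed for your agent release" ;;
    esac
    ssl=$(openssl version 2>/dev/null | awk '{print $2}')
    ver_ge "${ssl:-0}" 1.0.0 || { echo "FAIL openssl ${ssl:-missing}: need 1.0.0 or later"; rc=1; }
    # Secure Boot matters for agent 7.0.1 on RHEL, CentOS, or Oracle 8 per the table
    if mokutil --sb-state 2>/dev/null | grep -q 'SecureBoot enabled'; then
        echo "WARN Secure Boot enabled: agent 7.0.1 on the listed distros runs asynchronous"
    fi
    return $rc
}

# Run the host checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the target host before installing; a WARN line means the agent installs but falls back to asynchronous mode without EDR data collection.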

