Streamline Cortex XDR Deployment
Table of Contents
- Introduction
- Issue with Virtual Machines and Internet Access
- Solution: Deploying a Cortex XDR Broker VM
- Modifying the XDR MSI File for Proxy Communication
- Working Area and Infrastructure Overview
- Steps to Modify the MSI File
- Generating the MST File for Proxy Configuration
- Deploying the Modified MSI File through Group Policy
- Configuring the Software Deployment Policy
- Linking the Policy with Computers for Installation
Article: Modifying MSI File for Proxy Communication in Cortex XDR Deployment
In today's video, we are going to explore a use case scenario involving the deployment of the Cortex XDR agent on a cloud-based infrastructure. The challenge we face is that the virtual machines in this scenario are not directly connected to the internet. To overcome this issue, we will demonstrate how to modify the XDR MSI file to enable proxy communication between the agent and the XDR Cloud.
1. Introduction
Before we dive into the technical details, let's briefly understand the context of the problem. In our working environment, we have over 100 virtual machines that require the deployment of the Cortex XDR agent. However, due to network restrictions, these machines cannot directly connect to the internet.
2. Issue with Virtual Machines and Internet Access
The lack of direct internet access poses a challenge to the XDR agent's ability to receive updates from the XDR Cloud. To mitigate this, we need to establish a communication channel between the agent and the cloud via a proxy. This proxy will act as an intermediary, relaying the necessary updates to the agent installed on the virtual machines.
3. Solution: Deploying a Cortex XDR Broker VM
To address the internet connectivity issue, we will deploy a Cortex XDR Broker VM acting as a proxy between the agent and the XDR Cloud. This Broker VM will serve as a bridge, allowing the agent to communicate with the cloud and receive the latest updates.
4. Modifying the XDR MSI File for Proxy Communication
By default, the XDR MSI file does not include options for proxy configuration. Therefore, we need to modify the MSI file to enable communication through the proxy. If you were to download the MSI file directly from the portal, it would not function properly in environments without direct internet access.
To modify the MSI file, we will use Microsoft's Orca utility, which allows us to open and edit MSI files. Once opened, we will add a new property called "ProxyList" and specify the IP address and port number of the broker VM. This modification will enable the MSI file to establish communication with the agent proxy.
5. Working Area and Infrastructure Overview
To provide a visual representation of our working area, let's divide it into two parts: the on-premise infrastructure and the cloud-based environment. The lower portion represents the on-premise infrastructure, while the upper portion depicts the cloud-based infrastructure. Our focus will be on the interplay between these two areas.
6. Steps to Modify the MSI File
To begin modifying the MSI file, we need to open it using the Orca utility. Once opened, we search for the "Properties" tab and add a new row for the "ProxyList" property. Within this row, we specify the IP address of the broker VM along with the corresponding port number. After making these changes, we save the modified MSI file as an MST file, preserving the changes made.
7. Generating the MST File for Proxy Configuration
The MST file contains the necessary configurations for the proxy, including the IP address and port number. This file will be deployed along with the modified MSI file, ensuring that the agent can establish communication with the proxy.
8. Deploying the Modified MSI File through Group Policy
To efficiently deploy the modified MSI file to multiple virtual machines, we recommend using Group Policy. Through the Group Policy Editor, we create a new package and specify the shared network location of the MSI file. Additionally, we assign the MST file to ensure the proxy configurations are applied during installation.
9. Configuring the Software Deployment Policy
Within the Software Deployment Policy Editor, we configure the properties of the new package we created. By selecting the advanced option, we gain access to the modification settings. Here, we specify the MST file generated earlier, enabling the inclusion of proxy configurations during installation.
10. Linking the Policy with Computers for Installation
To finalize the deployment process, we need to link the software deployment policy with the target computers. Through the command "gpupdate /force", we ensure that the policy information is updated on the computers. This prompts the installation of the modified MSI file, including the necessary proxy configurations.
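A pre-deployment check for the MSI and MST pair described in steps 6 to 9, as an added example that is not from the original video or from the vendor: it applies the transform in memory, reads back the "ProxyList" property named in this article, and reports the Authenticode signature status of the MSI on the share. The share paths and the `ip:port` value format are assumptions.

```powershell
# Added example: confirm the transform sets ProxyList before the GPO is linked.
# Paths and the ip:port value format are assumptions, not values from the article.
param(
    [string]$MsiPath = '\\fileserver\deploy\cortex-xdr.msi',        # hypothetical share path
    [string]$MstPath = '\\fileserver\deploy\cortex-xdr-proxy.mst'   # hypothetical share path
)

# Windows Installer COM objects are late-bound, so call them through InvokeMember.
function Invoke-Com($Object, [string]$Name, [string]$Kind, $Arguments) {
    $Object.GetType().InvokeMember($Name, $Kind, $null, $Object, $Arguments)
}

# Return the value of one row of the Property table, or $null if the row is absent.
function Get-MsiProperty($Database, [string]$Name) {
    $sql  = 'SELECT `Value` FROM `Property` WHERE `Property` = ''{0}''' -f $Name
    $view = Invoke-Com $Database 'OpenView' 'InvokeMethod' @($sql)
    Invoke-Com $view 'Execute' 'InvokeMethod' $null | Out-Null
    $row   = Invoke-Com $view 'Fetch' 'InvokeMethod' $null
    $value = if ($null -ne $row) { Invoke-Com $row 'StringData' 'GetProperty' @(1) }
    Invoke-Com $view 'Close' 'InvokeMethod' $null | Out-Null
    return $value
}

$installer = New-Object -ComObject WindowsInstaller.Installer

# Mode 0 opens the package read-only; the transform is applied in memory only.
$db = Invoke-Com $installer 'OpenDatabase' 'InvokeMethod' @($MsiPath, 0)
Invoke-Com $db 'ApplyTransform' 'InvokeMethod' @($MstPath, 0) | Out-Null
$proxyList = Get-MsiProperty $db 'ProxyList'

# A transform leaves the MSI file itself unchanged, so its signature status
# tells you whether the package on the share was altered after download.
$signature = Get-AuthenticodeSignature -FilePath $MsiPath

[pscustomobject]@{
    Msi              = $MsiPath
    SignatureStatus  = $signature.Status
    ProxyListWithMst = $proxyList
    # Assumed format: one IPv4 address and port, e.g. 10.0.0.5:8888 (constructed value)
    LooksLikeIpPort  = [bool]($proxyList -match '^\d{1,3}(\.\d{1,3}){3}:\d{1,5}$')
}
```

An empty `ProxyListWithMst` means the transform on the share does not carry the property, so agents installed from that package would have no proxy configured.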
In conclusion, by following the steps outlined in this tutorial, you can successfully modify the MSI file for proxy communication in Cortex XDR deployment. This approach allows you to overcome the limitation of direct internet access on virtual machines and ensures the agent can receive the latest updates from the XDR Cloud.