mXDR: Stellar Cyber Agent Upgrade Process

mXDR: Stellar Cyber Agent Upgrade Process

Overview

CyFlare’s Managed XDR (mXDR) service includes proactive management and upgrading of Stellar Cyber Agents (Sensors) on behalf of our customers.

This article outlines:
  1. How Stellar Agent upgrades are managed
  2. What customers should expect from the upgrade process
  3. Customer responsibilities and available options
  4. Changes to CyFlare’s upgrade strategy

This process applies to both CyFlare environments, with slight differences for Gov Cloud customers.

CyFlare Managed Environments

    1. For Gov Cloud Customers, processes may differ slightly due to environment-specific requirements. Please contact TechOps@cyflare.com or your Customer Success Manager for details specific to your deployment.

Upgrade Strategy

As of May 4th, 2026, CyFlare is transitioning to a continuous upgrade model for Stellar Cyber Agents.

What This Means

  1. Agents will be upgraded on an ongoing basis rather than within fixed maintenance windows
  2. The goal is to ensure all agents remain on the latest stable version at all times
  3. This allows for:
    1. Faster adoption of security enhancements
    2. Improved platform stability and performance
    3. Simplified operational management across all tenants

CyFlare evaluates each release to ensure minimal risk to customer environments before broad deployment. After the Stellar Instance platform upgrades, there may be a 1 to 2 week period to validate a stable version before upgrades begin rolling out.

Removal of Maintenance Windows

CyFlare will no longer operate within standard upgrade windows.

New Model

  1. Upgrades are deployed as part of ongoing operations
  2. Upgrade attempts may occur at various times based on:
    1. Agent availability (online status)
    2. Platform upgrade cycles
    3. Operational prioritization

Customer Options (Opt-Out & Custom Scheduling)

Customers retain full control if needed:

Opt-Out Option

  1. Customers may opt out of CyFlare-managed upgrades
  2. This allows you to:
    1. Manage your own upgrade schedule
    2. Coordinate upgrades internally

Custom Upgrade Coordination

  1. Customers can request:
    1. Controlled upgrade timing
    2. Coordination with internal maintenance activities
Note: To opt out or coordinate a custom approach, contact: TechOps@cyflare.com or your Customer Success Manager

Upgrade Behavior & Impact

  1. Upgrades are performed in the background
  2. No reboot is required
  3. Minimal user impact under normal conditions

Expected Temporary Impact

  1. Some may experience a light increase in:
    1. CPU usage
    2. Memory usage

This is normal and consistent with standard software installation behavior.

System Requirements

To ensure optimal performance during upgrades, systems should meet Stellar Cyber’s recommended hardware requirements.

Troubleshooting & Support

If an agent does not upgrade or behaves unexpectedly:
  1. Contact: TechOps@cyflare.com
  2. CyFlare Operations Engineering will:
    1. Investigate upgrade failures
    2. Provide remediation steps
    3. Coordinate advanced troubleshooting if needed
In some cases, resolution may involve:
  1. Reinstalling the agent
  2. Validating system compatibility
  3. Manual intervention

Frequently Asked Questions (FAQ)

1. Are reboots required during the upgrade?
            Answer: No. Reboots are not required during standard Stellar Sensor upgrades, but customers must opt-out by informing CyFlare. This is not recommended and further complicates the process.

2. Can I opt out of CyFlare-managed upgrade windows?
            Answer: Yes, you can request to opt out by contacting your dedicated Customer Success Manager or reaching out to TechOps@cyflare.com.

3. If I choose not to upgrade, will I still receive support?
            Answer: Yes, but support may be limited if your agents are 3 or more versions behind, as these are considered End-of-Support by Stellar Cyber.

4. Am I susceptible to risk if I do not upgrade my agents?
            Answer: Yes, outdated agents can lead to gaps in telemetry, missed detections, lack of enhancements, and potential operational issues.

5. An older agent version is not properly upgrading, what can I do?
            Answer: Contact TechOps@cyflare.com for evaluation, though reinstalling the latest agent version often resolves the issue if system requirements are met.

6. Can I manage my own upgrades?
            Answer: Yes, but CyFlare is not responsible for issues resulting from missed upgrades or outdated agents if you choose to manage them independently.

7. If I am opted out of standard CyFlare upgrades, how can I get scheduled for an upgrade window?
            Answer: Reach out to your dedicated CSM or contact Operations Engineering directly at TechOps@cyflare.com.

Best Practices

  1. Keep endpoints online and reachable
  2. Stay aligned with CyFlare’s upgrade strategy
  3. Avoid falling multiple versions behind
  4. Communicate early if:
    1. You require controlled upgrades
    2. You have sensitive systems
    3. You observe unexpected behavior

Contact Information

For any upgrade-related questions or issues:

📧 TechOps@cyflare.com

    • Related Articles

    • mEDR: SentinelOne Agent Upgrade Process

      Overview CyFlare’s mEDR service includes the continuous management and upgrading of SentinelOne agents across customer environments. This ensures endpoints remain protected with the latest detection capabilities, performance improvements, and ...

    • XDRaaS - Quick Start Guide (QSG)

      XDRaaS – Quick Start Guide The following items will help guide you through what CyFlare’s deployment team will be working on with you, to get you ingesting data, and moving to being monitored, by the SOC, as quickly as possible. The main items that ...

    • Use Case #3: Disable User Account

      Active Directory response actions is intended to be utilized when a high probably user compromise incident has been identified by the SOC. The account or device associated with the incident needs to be disabled immediately to avoid further spread ...

    • Use Case #4: Email Integration 

      Exchange/Email servers are a vital part of implementing automated response actions as one of the most common entry points for malicious/unknown entities into customers’ environments. The SOC is enabled with these response actions to prevent and ...

    • Use Case #1: Firewall Policy Update

      Firewall response actions are the best way to deal with noisy public IPs attempting to ping/connect to external public-facing servers in the customer’s environment. This can also help respond to potential malicious IPs very quickly through automated ...