https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524438#M3270 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/261687">@Pattarachai-FTH</a>&nbsp;,&nbsp;</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>Having no agent is one part of the problem and integrate EDL with NGFW is another set. These are not related. Can you help us with more specific used case on the same.&nbsp;</P> <P>&nbsp;</P> <P>Your asset management tools can be used for checking applications installed, however, you can also do so using Cortex XDR by using Broker VM network mapper as&nbsp; a tool and aggregating DHCP logs for asset discovery. Cortex XDR Network mapper will scan the subnet to discover IPs and will populate entries for endpoints with agent installed as "YES". The DHCP logs ingestion will help you get appropriate MAC addresses for devices with IPs that do not have cortex agent installed on them. Some of them might be ICND devices where you cannot install agents, but remaining can be leveraged to check if those do not have agents and can be pushed for installation.&nbsp;</P> <P>&nbsp;</P> <P>Waiting to hear from you on your EDL perspective. Please mark this "Accept as Solution" if it answers your question.</P> <P>&nbsp;</P> <P>Regards</P> Mon, 19 Dec 2022 01:45:30 GMT neelrohit 2022-12-19T01:45:30Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524328#M3266 <P>Hi Expert ,</P> <P>&nbsp;</P> <P>How to check endpoint has no agent and integrate edl with NGFW when found endpoint&nbsp;</P> <P>&nbsp;</P> <P>Now , I have try to create&nbsp; python script&nbsp; to get all endpoint&nbsp; but not have idea to check endpoint has no agent&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> Fri, 16 Dec 2022 04:01:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524328#M3266 Pattarachai-FTH 2022-12-16T04:01:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524438#M3270 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/261687">@Pattarachai-FTH</a>&nbsp;,&nbsp;</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>Having no agent is one part of the problem and integrate EDL with NGFW is another set. These are not related. Can you help us with more specific used case on the same.&nbsp;</P> <P>&nbsp;</P> <P>Your asset management tools can be used for checking applications installed, however, you can also do so using Cortex XDR by using Broker VM network mapper as&nbsp; a tool and aggregating DHCP logs for asset discovery. Cortex XDR Network mapper will scan the subnet to discover IPs and will populate entries for endpoints with agent installed as "YES". The DHCP logs ingestion will help you get appropriate MAC addresses for devices with IPs that do not have cortex agent installed on them. Some of them might be ICND devices where you cannot install agents, but remaining can be leveraged to check if those do not have agents and can be pushed for installation.&nbsp;</P> <P>&nbsp;</P> <P>Waiting to hear from you on your EDL perspective. Please mark this "Accept as Solution" if it answers your question.</P> <P>&nbsp;</P> <P>Regards</P> Mon, 19 Dec 2022 01:45:30 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524438#M3270 neelrohit 2022-12-19T01:45:30Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524444#M3271 <P>If you have an asset management tool like SCCM, I would recommend creating a Powershell script (or whatever scripting language you prefer) to run the command and parse the response to ensure it matches the current day. This will accomplish two checks, one being that the agent is installed (if the command fails due to cytool not existing the agent is not installed) and that it's healthy and connecting by validating its connected to the console that day. You'll sometimes run into agents where the service is running, but for one reason or another it's not communicating successful, so this will validate that.</P> Mon, 19 Dec 2022 03:24:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524444#M3271 ZachIvins 2022-12-19T03:24:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524445#M3272 <P>Sorry I forgot to include the actual command, it's "cytool last_checkin" - see&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Cytool-for-Windows" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Cytool-for-Windows</A></P> Mon, 19 Dec 2022 03:25:48 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-check-endpoint-has-no-agent-and-intregate-edl-with-ngfw/m-p/524445#M3272 ZachIvins 2022-12-19T03:25:48Z