https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/file-lookup/m-p/529610#M3541 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/251467">@VineethArumulla</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>As I understand you intend to lookup for presence of files or hashes in the endpoints using Cortex XDR. This is possible using the host insights "File Search" feature. If you have Cortex XDR Pro Per Endpoints license and Host-Insights add-on license, then you need to enable "Host Insights Capabilities".&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-02-02 at 8.44.12 PM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47600i3C59014F95A5725A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Screenshot 2023-02-02 at 8.44.12 PM.png" alt="Screenshot 2023-02-02 at 8.44.12 PM.png" /></span></P> <P>If this enabled, then you can search for files by file paths or file hashes under the "Action Center" items. Select the file path with(or without) wildcards. You should be able to find the details for the same.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-02-02 at 8.47.18 PM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47601i4597445A552AE741/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Screenshot 2023-02-02 at 8.47.18 PM.png" alt="Screenshot 2023-02-02 at 8.47.18 PM.png" /></span></P> <P>&nbsp;</P> <P>Alternatively, if you do not have the add-on license, then you can query for file names using Cortex XDR query builder.&nbsp; This would only happen provided if the file activity has been reported by Cortex XDR.&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>&nbsp;</P> <P>&nbsp;</P> <P> </P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 Feb 2023 13:22:12 GMT neelrohit 2023-02-02T13:22:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/file-lookup/m-p/529596#M3540 <P>Is it possible to check if a file is present on any system in network through Cortex XDR based on file name or the hash value of the file.</P> <P><LI-WRAPPER> </LI-WRAPPER></P> Thu, 02 Feb 2023 10:48:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/file-lookup/m-p/529596#M3540 VineethArumulla 2023-02-02T10:48:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/file-lookup/m-p/529610#M3541 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/251467">@VineethArumulla</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>As I understand you intend to lookup for presence of files or hashes in the endpoints using Cortex XDR. This is possible using the host insights "File Search" feature. If you have Cortex XDR Pro Per Endpoints license and Host-Insights add-on license, then you need to enable "Host Insights Capabilities".&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-02-02 at 8.44.12 PM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47600i3C59014F95A5725A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Screenshot 2023-02-02 at 8.44.12 PM.png" alt="Screenshot 2023-02-02 at 8.44.12 PM.png" /></span></P> <P>If this enabled, then you can search for files by file paths or file hashes under the "Action Center" items. Select the file path with(or without) wildcards. You should be able to find the details for the same.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-02-02 at 8.47.18 PM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47601i4597445A552AE741/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Screenshot 2023-02-02 at 8.47.18 PM.png" alt="Screenshot 2023-02-02 at 8.47.18 PM.png" /></span></P> <P>&nbsp;</P> <P>Alternatively, if you do not have the add-on license, then you can query for file names using Cortex XDR query builder.&nbsp; This would only happen provided if the file activity has been reported by Cortex XDR.&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>&nbsp;</P> <P>&nbsp;</P> <P> </P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 Feb 2023 13:22:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/file-lookup/m-p/529610#M3541 neelrohit 2023-02-02T13:22:12Z