https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/557712#M5141 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133333">@PC-TomS</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>There are few pointers we need to clarify before we can suggest some solution.</P> <P>1. Do you have enough number of Host Insight licenses? Since Host insight is an add-on separate from pro license, many times it happen that customer do not buy equal number licenses as compare to their pro licenses. So host insight will only work for the number of endpoints&nbsp; for which add-on was bought.</P> <P>2. Please verify if Host Insight was enabled for all the endpoints. When we have multiple profiles, it can happen that we may miss out on some profiles for which host insight capability was not enabled. Please ensure that all the profiles for which you want to enable host insight, you go to the agent setting profile and then first enable the pro capabilities(Disabled by default) and then enable host insight capability(Enabled by default) along with the sub menu for Endpoint Information Collection.</P> <P>3. Please follow below document to verify if your endpoints meet the requirement for vulnerability assessment.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerability-Assessment?tocId=1asxAZOcVriCZCDhfe0jQQ" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerability-Assessment?tocId=1asxAZOcVriCZCDhfe0jQQ</A></P> Wed, 13 Sep 2023 13:40:21 GMT nsinghvirk 2023-09-13T13:40:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/557619#M5135 <P>We've been running XDR Pro per endpoint since late 2022 with the host insights add-on licensed and enabled for all endpoints.<BR />CVE data exists for around 12% of the endpoints and include every OS, etc... no rhyme or reason why some work, but most do not.<BR />I cannot determine why it is or isn't working on all endpoints and don't know of a way to troubleshoot it.<BR /><BR />Anyone else having this issue?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 12 Sep 2023 23:45:10 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/557619#M5135 PC-TomS 2023-09-12T23:45:10Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/557712#M5141 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133333">@PC-TomS</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>There are few pointers we need to clarify before we can suggest some solution.</P> <P>1. Do you have enough number of Host Insight licenses? Since Host insight is an add-on separate from pro license, many times it happen that customer do not buy equal number licenses as compare to their pro licenses. So host insight will only work for the number of endpoints&nbsp; for which add-on was bought.</P> <P>2. Please verify if Host Insight was enabled for all the endpoints. When we have multiple profiles, it can happen that we may miss out on some profiles for which host insight capability was not enabled. Please ensure that all the profiles for which you want to enable host insight, you go to the agent setting profile and then first enable the pro capabilities(Disabled by default) and then enable host insight capability(Enabled by default) along with the sub menu for Endpoint Information Collection.</P> <P>3. Please follow below document to verify if your endpoints meet the requirement for vulnerability assessment.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerability-Assessment?tocId=1asxAZOcVriCZCDhfe0jQQ" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerability-Assessment?tocId=1asxAZOcVriCZCDhfe0jQQ</A></P> Wed, 13 Sep 2023 13:40:21 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/557712#M5141 nsinghvirk 2023-09-13T13:40:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/558177#M5162 <P>Thanks anyway for trying, this&nbsp;is now a support case.</P> <P>To answer your questions:</P> <P>&nbsp;</P> <UL> <LI>We have enough licenses.</LI> <LI>It is enabled on all endpoints.</LI> <LI>All endpoints meet the requirements.</LI> </UL> <P>&nbsp;</P> <P>Tom</P> Fri, 15 Sep 2023 18:46:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/558177#M5162 PC-TomS 2023-09-15T18:46:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/585551#M6620 <P>Did you find a solution? I have the same issue.&nbsp;</P> Wed, 01 May 2024 17:42:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/585551#M6620 BFournier 2024-05-01T17:42:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/585574#M6621 <P>I would try to reinstall an agent. We had also some likely issues. In our case we hadn't enough licenses, bought some, but the agents didn't get the information to push the data. We had to reinstall the agent.&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Wed, 01 May 2024 20:12:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/host-insights-enabled-yet-only-12-have-any-cve-information-how/m-p/585574#M6621 RFeyertag 2024-05-01T20:12:46Z