https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571293#M5824 <P><SPAN>Hello&nbsp;</SPAN><A href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/308232" target="_blank">@aspatil</A><SPAN>&nbsp;</SPAN><BR /><SPAN>Thanks for the reply, I&nbsp;need the OS_version also like,&nbsp;Windows 10,&nbsp; 10.0.10240<BR />i can't get the os version with query,&nbsp;but it exists on host inventory &gt; application &gt; operating system &gt; os&nbsp;</SPAN>version.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Regards.&nbsp;<BR />prashanta&nbsp;</P> Sat, 30 Dec 2023 03:17:33 GMT Prashanta 2023-12-30T03:17:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/569387#M5700 <P>I want to sort my endpoint based on all application, like which application are using which specific endpoint? using an XQL query.<BR /><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;#xql_query</P> <P>&nbsp;</P> Tue, 12 Dec 2023 05:25:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/569387#M5700 Prashanta 2023-12-12T05:25:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/569400#M5702 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/593283889">@Prashanta</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>Thank you for writing to live community.</SPAN></P> <P>&nbsp;</P> <P><SPAN>You can use below query as a sample and modify it as per your requirement:</SPAN></P> <P>preset = host_inventory_applications</P> <P>|fields Vendor, application_name, version, manager_name, endpoint_name</P> <P>&nbsp;</P> <P>if you need the application on the number of endpoints, use below:</P> <P>preset = host_inventory_applications</P> <P>|fields Vendor, application_name, version, manager_name, endpoint_name<BR />|comp count(endpoint_name) as counter by vendor, application_name, version, manager_name<BR />|sort desc counter</P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>Please mark the response as "Accept as Solution" if it answers your query.</P> <P>&nbsp;</P> <P>Regards</P> Tue, 12 Dec 2023 06:52:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/569400#M5702 aspatil 2023-12-12T06:52:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571064#M5809 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/308232">@aspatil</a>&nbsp;<BR />Thanks for the reply, If I add with this parameter OS type, OS version&nbsp;...? how can i do that? like need windows information.&nbsp;</P> <P><BR />preset = host_inventory_applications</P> <P>|fields Vendor, application_name, version, manager_name, endpoint_name,</P> Thu, 28 Dec 2023 05:17:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571064#M5809 Prashanta 2023-12-28T05:17:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571136#M5815 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/593283889">@Prashanta</a>&nbsp;,</P> <P>&nbsp;</P> <P>You can use below and play around it:</P> <P>preset = host_inventory_applications<BR />|fields Vendor, application_name, version, manager_name, endpoint_name<BR />|join (preset = host_inventory_endpoints | fields endpoint_name , operating_system, os_type, endpoint_type )<BR />as ep ep.endpoint_name = endpoint_name</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>Please mark the response as "Accept as Solution" if it answers your query.</P> <P>&nbsp;</P> Thu, 28 Dec 2023 16:04:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571136#M5815 aspatil 2023-12-28T16:04:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571293#M5824 <P><SPAN>Hello&nbsp;</SPAN><A href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/308232" target="_blank">@aspatil</A><SPAN>&nbsp;</SPAN><BR /><SPAN>Thanks for the reply, I&nbsp;need the OS_version also like,&nbsp;Windows 10,&nbsp; 10.0.10240<BR />i can't get the os version with query,&nbsp;but it exists on host inventory &gt; application &gt; operating system &gt; os&nbsp;</SPAN>version.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Regards.&nbsp;<BR />prashanta&nbsp;</P> Sat, 30 Dec 2023 03:17:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/571293#M5824 Prashanta 2023-12-30T03:17:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/573481#M5905 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/593283889">@Prashanta</a>&nbsp;,</P> <P>&nbsp;</P> <P>preset = host_inventory_applications<BR />|fields Vendor, application_name, version, manager_name, endpoint_name<BR />|join(dataset = endpoints | fields endpoint_name ,operating_system, os_version, platform, endpoint_type)<BR />as ep ep.endpoint_name = endpoint_name</P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>Please mark the response as "Accept as Solution" if it answers your query.</P> <P>&nbsp;</P> Thu, 18 Jan 2024 15:17:18 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/need-help-sorting-my-applications-and-endpoint-names-using-an/m-p/573481#M5905 aspatil 2024-01-18T15:17:18Z