https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572869#M5875 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1637048063">@PhyoWaiSoe</a>&nbsp;</P> <P>&nbsp;</P> <P>This statement means that at least two neighbour endpoints should be present within a subnet for agent to perform ping or NMAP scan. In other words, if there is only one endpoint present within a subnet then no other endpoint is available for it to do the scan.</P> Fri, 12 Jan 2024 14:27:56 GMT nsinghvirk 2024-01-12T14:27:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/571133#M5813 <P>Hi All,<BR />We are using XDR Pro version with agent version 8.2. I am curious about this <STRONG>OS fingerprinting</STRONG> feature under Distributed Network scan setting in Agent profile. I have already configured Network Location Configuration and also configured other things as shown in the attached screenshot. I was hoping it would return the OS type/version of other systems the XDR agents discovered. But so far, it doesn't seem to be doing much. Am I missing something?<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Distributed Network Scan" style="width: 734px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56147iFD7576299FC40149/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="XDR Screenshot.png" alt="Distributed Network Scan" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Distributed Network Scan</span></span><BR />My network location configuration is set like this (actual DNS server name/IP address changed for the screenshot).<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Network location" style="width: 796px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56148i4C4261BBFCDDB5D9/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="network loc config.png" alt="Network location" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Network location</span></span></P> Thu, 28 Dec 2023 15:39:05 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/571133#M5813 PhyoWaiSoe 2023-12-28T15:39:05Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572070#M5852 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1637048063">@PhyoWaiSoe</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>Apologies for late response. Information provided via screenshot looks correct. Below are the few key factors in network configuration that can affect scanning.</P> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="1" data-border="0"> <LI data-stringify-indent="1" data-stringify-border="0">Subnet mask settings and name service configuration influence the scanning</LI> <LI data-stringify-indent="1" data-stringify-border="0">Network Location configuration should be enabled</LI> <LI data-stringify-indent="1" data-stringify-border="0">Excluded IP address ranges will not be scanned</LI> <LI data-stringify-indent="1" data-stringify-border="0">At least 2 peers are required to be detected for the agent to be assigned the scanning task.</LI> <LI data-stringify-indent="1" data-stringify-border="0">This scan occurs at subnet level and it will not go over L3 boundary.</LI> </UL> <P>Below are the expected results from ping and NMAP scans.</P> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="1" data-border="0"> <LI data-stringify-indent="1" data-stringify-border="0">Ping:</LI> </UL> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="2" data-border="0"> <LI data-stringify-indent="2" data-stringify-border="0">IP address</LI> <LI data-stringify-indent="2" data-stringify-border="0">Mac address</LI> <LI data-stringify-indent="2" data-stringify-border="0">Hostname</LI> <LI data-stringify-indent="2" data-stringify-border="0">Platform (Windows/Mac/Linux)</LI> </UL> <P>&nbsp;</P> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="2" data-border="0"> <LI data-stringify-indent="2" data-stringify-border="0">NMap</LI> </UL> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="2" data-border="0"> <LI data-stringify-indent="2" data-stringify-border="0">IP address</LI> <LI data-stringify-indent="2" data-stringify-border="0">Hostname</LI> <LI data-stringify-indent="2" data-stringify-border="0">Platform</LI> <LI data-stringify-indent="2" data-stringify-border="0">OS Version</LI> </UL> <P>If everything is configured as per the rules mentioned above than please raise a TAC case. This may require additional analysis.</P> <P>&nbsp;</P> <P>Please c<SPAN>lick&nbsp;</SPAN><STRONG>Accept as Solution</STRONG><SPAN>&nbsp;to acknowledge that the answer to your question has been provided.</SPAN></P> <P>&nbsp;</P> Mon, 08 Jan 2024 12:48:10 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572070#M5852 nsinghvirk 2024-01-08T12:48:10Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572811#M5870 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/256101">@nsinghvirk</a>&nbsp;,<BR /><BR />Thanks for the comprehensive reply. Because I am a total beginner when it comes to Cortex XDR, I am not clear about this sentence. Can you please explain a bit more? Thanks once again.<BR /><BR /></P> <UL class="p-rich_text_list p-rich_text_list__bullet" data-stringify-type="unordered-list" data-indent="1" data-border="0"> <LI data-stringify-indent="1" data-stringify-border="0">At least 2 peers are required to be detected for the agent to be assigned the scanning task.</LI> </UL> Fri, 12 Jan 2024 03:35:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572811#M5870 PhyoWaiSoe 2024-01-12T03:35:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572869#M5875 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1637048063">@PhyoWaiSoe</a>&nbsp;</P> <P>&nbsp;</P> <P>This statement means that at least two neighbour endpoints should be present within a subnet for agent to perform ping or NMAP scan. In other words, if there is only one endpoint present within a subnet then no other endpoint is available for it to do the scan.</P> Fri, 12 Jan 2024 14:27:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/572869#M5875 nsinghvirk 2024-01-12T14:27:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/596727#M7141 <P>Hello, could you clarify where you dump the information you get from the scan, and what information do you dump? Hostname, OS, IP, agent installed?</P> Wed, 04 Sep 2024 08:35:58 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/os-fingerprinting-feature-in-distributed-network-scan-pro/m-p/596727#M7141 JPrezHidalgo 2024-09-04T08:35:58Z