https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574721#M5967 <P>Dear&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/593283889">@Prashanta</a>,&nbsp;</P> <P>&nbsp;</P> <P>Hope you are doing well, and thank you for reaching out to our live community. From the above query I understand that you would like to search for a file or a folder across the environment.&nbsp;</P> <P>&nbsp;</P> <P>Please try the query below and see if you are able to get the desired results, thank you.&nbsp;</P> <P>&nbsp;</P> <P>preset = xdr_file<BR />| filter agent_hostname = "Host_name" // To filter a particular host<BR />| filter action_file_name contains "file.txt" // To find file by file name<BR />| filter (action_file_path contains """test_folder""") //To find the folder by folder name</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</P> Mon, 29 Jan 2024 10:56:52 GMT abdrahman 2024-01-29T10:56:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574629#M5962 <P><SPAN>How can I locate a particular file or folder across all endpoints?&nbsp;<BR />file or folder name :&nbsp;<SPAN class="ui-provider ee bjo bft bnh bni bnj bnk bnl bnm bnn bno bnp bnq bnr bns bnt bnu bnv bnw bnx bny bnz boa bob boc bod boe bof bog boh boi boj bok bol bom">bihmplhobchoageeokmgbdihknkjbknd<BR /><BR />Thanks community&nbsp;</SPAN></SPAN></P> <P><SPAN><SPAN class="ui-provider ee bjo bft bnh bni bnj bnk bnl bnm bnn bno bnp bnq bnr bns bnt bnu bnv bnw bnx bny bnz boa bob boc bod boe bof bog boh boi boj bok bol bom"><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT></SPAN></SPAN></P> Sun, 28 Jan 2024 06:02:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574629#M5962 Prashanta 2024-01-28T06:02:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574721#M5967 <P>Dear&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/593283889">@Prashanta</a>,&nbsp;</P> <P>&nbsp;</P> <P>Hope you are doing well, and thank you for reaching out to our live community. From the above query I understand that you would like to search for a file or a folder across the environment.&nbsp;</P> <P>&nbsp;</P> <P>Please try the query below and see if you are able to get the desired results, thank you.&nbsp;</P> <P>&nbsp;</P> <P>preset = xdr_file<BR />| filter agent_hostname = "Host_name" // To filter a particular host<BR />| filter action_file_name contains "file.txt" // To find file by file name<BR />| filter (action_file_path contains """test_folder""") //To find the folder by folder name</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</P> Mon, 29 Jan 2024 10:56:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574721#M5967 abdrahman 2024-01-29T10:56:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574728#M5969 <P>Hello,</P> <P>&nbsp;</P> <P>I believe you want to locate the file or path across all endpoints. I am adding my suggestions for the same,</P> <P>&nbsp;</P> <P>File name:</P> <P>&nbsp;</P> <P>preset = xdr_file<BR />|filter action_file_name contains "usage"<BR />|fields action_file_name ,_time , agent_hostname ,agent_ip_addresses ,agent_mac_addresses ,agent_os_type , action_file_path</P> <P>&nbsp;</P> <P>Folder path:</P> <P>preset = xdr_file<BR />|filter&nbsp;<SPAN>action_file_path contains """test_folder"""</SPAN><BR />|fields &nbsp;<SPAN>action_file_path</SPAN> ,_time , agent_hostname ,agent_ip_addresses ,agent_mac_addresses ,agent_os_type , action_file_path</P> <P>&nbsp;</P> <P>By running just "preset = xdr_file" in Query builder, you will see multiple fields. You can modify the filed or join with another tables to get more information and modify the query as per the requirement.</P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> Mon, 29 Jan 2024 12:22:25 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574728#M5969 aspatil 2024-01-29T12:22:25Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574899#M5977 <P>Its works. Thank you.</P> Tue, 30 Jan 2024 09:56:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-for-file-folder-name/m-p/574899#M5977 Prashanta 2024-01-30T09:56:54Z