https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584978#M6592 <P>Hello dear comminity,&nbsp;</P> <P>is there any log to see, filter or get notified, if the agent makes changes in the configuration?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RFeyertag_1-1714073577863.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59311iCB4377EFCC7305F4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="RFeyertag_1-1714073577863.png" alt="RFeyertag_1-1714073577863.png" /></span></P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> <P>&nbsp;</P> Thu, 25 Apr 2024 19:34:14 GMT RFeyertag 2024-04-25T19:34:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584978#M6592 <P>Hello dear comminity,&nbsp;</P> <P>is there any log to see, filter or get notified, if the agent makes changes in the configuration?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RFeyertag_1-1714073577863.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59311iCB4377EFCC7305F4/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="RFeyertag_1-1714073577863.png" alt="RFeyertag_1-1714073577863.png" /></span></P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> <P>&nbsp;</P> Thu, 25 Apr 2024 19:34:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584978#M6592 RFeyertag 2024-04-25T19:34:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584982#M6594 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>That feature only applies on those specific CVEs:&nbsp; CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094 for <A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086" target="_self">unpatched systems</A>.</P> <P>You can see more details about this setting in the <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Exploit-Security-Profile" target="_self">Add a New Exploit Security Profile</A> document page.</P> <P>In this same page you can also see which commands are executed on the endpoints (item 4) to patch this vulnerabilities, those can be used to run a XQL query and find on which endpoints it was applied.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Thu, 25 Apr 2024 20:18:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584982#M6594 jmazzeo 2024-04-25T20:18:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584983#M6595 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/310428">@jmazzeo</a>&nbsp;Thank you! I thought this would be a general vulnerability setting changer.&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Thu, 25 Apr 2024 20:45:20 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-pro-exploit-profile-question/m-p/584983#M6595 RFeyertag 2024-04-25T20:45:20Z