https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/649409#M7462 <P>Hi,</P> <P>&nbsp;</P> <P>Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?<BR />I've a lot devices with <LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;and my objective is force IT guys, update vulnerable drivers etc.</P> <P>&nbsp;</P> Fri, 22 Nov 2024 12:30:02 GMT tlmarques 2024-11-22T12:30:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/649409#M7462 <P>Hi,</P> <P>&nbsp;</P> <P>Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?<BR />I've a lot devices with <LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;and my objective is force IT guys, update vulnerable drivers etc.</P> <P>&nbsp;</P> Fri, 22 Nov 2024 12:30:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/649409#M7462 tlmarques 2024-11-22T12:30:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/684582#M7478 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307134">@tlmarques</a>&nbsp;<BR /><BR />Thanks for your query on LC!<BR /><BR />XDR offers built in rules which basically detects and reports vulnerable drivers so one way I could think of is building an XQL to filter the hosts that have these "Vulnerable driver loaded" alerts and we can also run a query to list all the unsigned drivers to investigate on.<BR /><BR />Give a like or mark as solution if this suggestion helped.<BR /><BR />Best,<BR />Naveen<BR /><BR /><BR /></P> Tue, 26 Nov 2024 07:38:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/684582#M7478 nar 2024-11-26T07:38:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/704415#M7482 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/196805">@nar</a>&nbsp; thnks, i know that, my problem is, it dont see the filter in XQL for "description"<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tlmarques_0-1732647357602.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/64287i8161A70A15157599/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="tlmarques_0-1732647357602.png" alt="tlmarques_0-1732647357602.png" /></span></P> <P>&nbsp;</P> Tue, 26 Nov 2024 18:56:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vuln-drivers-scan/m-p/704415#M7482 tlmarques 2024-11-26T18:56:32Z