https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cves-for-applications-unsupported-platform/m-p/1205038#M7786 <P>We have quite a bit of different softwares installed here, many Adobe products, 7-zip etc which I know have CVEs issued. Do I need to do something to enable this feature in XDR? ALL of the software detected shows Unsupported Platform. Does this feature actually work?</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DopedWafer_0-1737557531926.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65355i1317EC8C3510911B/image-size/medium?v=v2&amp;px=400" role="button" title="DopedWafer_0-1737557531926.png" alt="DopedWafer_0-1737557531926.png" /></span></P> <P>&nbsp;</P> Wed, 22 Jan 2025 14:53:40 GMT DopedWafer 2025-01-22T14:53:40Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cves-for-applications-unsupported-platform/m-p/1205038#M7786 <P>We have quite a bit of different softwares installed here, many Adobe products, 7-zip etc which I know have CVEs issued. Do I need to do something to enable this feature in XDR? ALL of the software detected shows Unsupported Platform. Does this feature actually work?</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DopedWafer_0-1737557531926.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65355i1317EC8C3510911B/image-size/medium?v=v2&amp;px=400" role="button" title="DopedWafer_0-1737557531926.png" alt="DopedWafer_0-1737557531926.png" /></span></P> <P>&nbsp;</P> Wed, 22 Jan 2025 14:53:40 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cves-for-applications-unsupported-platform/m-p/1205038#M7786 DopedWafer 2025-01-22T14:53:40Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cves-for-applications-unsupported-platform/m-p/1205056#M7787 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37384">@DopedWafer</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>Please check if you meet all the prerequisites for vulnerability assessment.</P> <TABLE class="informaltable frame-void rules-rows"> <THEAD> <TR> <TH class="th"> <P>Requirement</P> </TH> <TH class="th"> <P>Description</P> </TH> </TR> </THEAD> <TBODY> <TR> <TD class="td"> <P>Licenses and Add-ons</P> </TD> <TD class="td"> <DIV class="itemizedlist"> <UL class="itemizedlist"> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>Pro per Endpoint license.</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Host Insights Add-on</SPAN>.</P> </LI> </UL> </DIV> </TD> </TR> <TR> <TD class="td"> <P>Supported Platforms</P> </TD> <TD class="td"> <DIV class="itemizedlist"> <UL class="itemizedlist"> <LI class="listitem"> <P><SPAN class="bold"><STRONG>Windows</STRONG></SPAN></P> <DIV class="itemizedlist"> <UL class="itemizedlist"> <LI class="listitem"> <P>Cortex XDR agent 7.1 or a later release.</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>lists only CVEs relating to the operating system, and not CVEs relating to applications provided by other vendors.</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>retrieves the latest data for each CVE from the NIST National<SPAN>&nbsp;</SPAN><MARK class="highlight-html-match" data-markjs="true">Vulnerability</MARK><SPAN>&nbsp;</SPAN>Database as well as from the Microsoft Security Response Center (MSRC).</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>collects KB and application information from the agents but calculates CVE only for KBs based on the data collected from MSRC and other sources</P> </LI> <LI class="listitem"> <P>For endpoints running Windows Insider,<SPAN>&nbsp;</SPAN><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>cannot guarantee an accurate CVE<SPAN>&nbsp;</SPAN><MARK class="highlight-html-match" data-markjs="true">assessment</MARK>.</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>does not display open CVEs for endpoints running Windows releases for which Microsoft no longer fixes CVEs.</P> </LI> </UL> </DIV> </LI> <LI class="listitem"> <P><SPAN class="bold"><STRONG>Linux</STRONG></SPAN></P> <DIV class="itemizedlist"> <UL class="itemizedlist"> <LI class="listitem"> <P>Cortex XDR agent 7.1 or a later release.</P> </LI> </UL> </DIV> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>collects all the information about the operating system and the installed applications, and calculates CVE based on the the latest data retrieved from the NIST.</P> </LI> <LI class="listitem"> <P><SPAN class="bold"><STRONG>MacOS</STRONG></SPAN></P> <DIV class="itemizedlist"> <UL class="itemizedlist"> <LI class="listitem"> <P>Cortex XDR agent 7.1 or a later release.</P> </LI> <LI class="listitem"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>collects only the applications list from MacOS without CVE calculation.</P> </LI> </UL> </DIV> </LI> </UL> </DIV> <P>If<SPAN>&nbsp;</SPAN><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>doesn't match any CVE to its corresponding application, an error message is displayed, "No CVEs Found".</P> </TD> </TR> <TR> <TD class="td"> <P>Setup and Permissions</P> </TD> <TD class="td"> <P>Ensure<SPAN>&nbsp;</SPAN><A class="link linktype-component ft-internal-link" title="Set up agent settings profiles" href="https://docs-cortex.paloaltonetworks.com/r/tOk5m1nUkEFSXa9rbbYdyw/u1DWJJpnW_oYQ3fu2kbFdQ" data-ft-click-interceptor="ft-internal-link" target="_blank">Host Inventory Data Collection</A><SPAN>&nbsp;</SPAN>is enabled for your Cortex XDR agent.</P> </TD> </TR> <TR> <TD class="td"> <P>Limitations</P> </TD> <TD class="td"> <P><SPAN class="phrase">Cortex XDR</SPAN><SPAN>&nbsp;</SPAN>calculates CVEs for applications according to the application version, and not according to application build numbers.</P> </TD> </TR> </TBODY> </TABLE> Wed, 22 Jan 2025 17:32:27 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cves-for-applications-unsupported-platform/m-p/1205056#M7787 nsinghvirk 2025-01-22T17:32:27Z