https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/1235536#M8628 <P>Even without a full management system with statuses, it'd be helpful to have the first seen/detected date. The date<BR />would be the last_calculation_time from an existing vulnerability passed forward to a subsequent detection of the same<BR />vulnerability.</P> Wed, 06 Aug 2025 16:22:15 GMT Jeremy.Burdette 2025-08-06T16:22:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593630#M7017 <P>Hello,</P> <P>I want to make some reporting and dashboard with the data provided from the agent vulnerabilty Scan.</P> <P>I would like to obtain the following informations:</P> <OL> <LI>How long has a CVE been present on a machine?</LI> <LI>How much time elapses between the appearance of a CVE and its disappearance (Hope is due to patching)on a machine?</LI> </OL> <P>I find nothing in the template and my squills in XQL are low. If someone can help I would be appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Most generaly I didn't find any info about the first detection date/time of CVE, is there a field where the info is located ?</P> <P>&nbsp;</P> <P>Thanks for the help</P> Wed, 31 Jul 2024 11:35:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593630#M7017 MathB12 2024-07-31T11:35:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593632#M7018 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/252726869">@MathB12</a>&nbsp;,</P> <P>&nbsp;</P> <P>Cortex XDR has a Vulnerability Assessment module that checks against the NIST database and presents a list of vulnerabilities. If a vulnerability is patched, it will simply disappear from the list without changing the status of the CVE to "closed." It does not have management capabilities.</P> <P>As a result, using XQL, you cannot retrieve information such as the age of the vulnerability, the date of first detection on endpoints, or similar data.</P> <P>I hope this clarifies things!</P> Wed, 31 Jul 2024 11:49:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593632#M7018 aspatil 2024-07-31T11:49:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593884#M7023 <P>Thanks&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/308232">@aspatil</a>&nbsp;That help me , maybe the functionality will come in the next version.</P> Fri, 02 Aug 2024 13:40:26 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/593884#M7023 MathB12 2024-08-02T13:40:26Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/1235536#M8628 <P>Even without a full management system with statuses, it'd be helpful to have the first seen/detected date. The date<BR />would be the last_calculation_time from an existing vulnerability passed forward to a subsequent detection of the same<BR />vulnerability.</P> Wed, 06 Aug 2025 16:22:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vulnerability-management-cortex-xdr-first-detection-date-time/m-p/1235536#M8628 Jeremy.Burdette 2025-08-06T16:22:15Z