This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Best way to detect endpoints that do not yet have Cortex XDR Agent installed

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Best way to detect endpoints that do not yet have Cortex XDR Agent installed

Go to solution
DKasabji
L2 Linker

‎01-21-2021 01:24 AM

Hey guys,

 

I am curious about if there is a way to find out which Endpoints in certain environment do not yet have XDR Agent installed.

I still two options, but had no practical experience in testing it:

 

1. Directory Sync with Cortex XDR. Would it detect endpoints (which are in AD) that do not have XDR Agent yet installed?
2. Pathfinder. Would Pathfinder be something useful to detect such cases, even for those that are not in AD?

 

Any other option?

Thanks.

D

0 Likes Likes
15 REPLIES 15

Go to solution
ESJosephPrinz
L2 Linker

‎12-17-2021 05:28 AM

@WRoodhooft You would be correct.  I have spent 4 months working on this.  Started with the broker, net mapper and then when that didnt work, pathfinder per cortex support. They were incorrect.   Then tried the new 7.5 agent network discovery feature.. could not get that to work (nothing reported to asset manager). Now on dhcp Log collector.  The dhcp log collector is the closest we have gotten. However; while it is currently providing the name of the hosts to asset manager, the mac address is not in sync when hosts move from wlan to lan and visa versa so it is reporting false negatives. Currently working with cortex engineers to see if we can correct this but I suspect that the Cortex XDR agent is delaying the network adapter change so the mac addresses wont align and I dont know if that is going to be correctable. AT LEAST we have something actionable.. we have thousands of nameless IP's in the asset manager and this allows us to spot check what does show up.. BUT I have some concerns because thus far, DHCP log collector has not provided a single host name where XDR is installed (3 days now).. so something doesnt smell right.   

  • 9318 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks