Best way to detect endpoints that do not yet have Cortex XDR Agent installed

Hey guys,

 

I am curious whether there is a way to find out which endpoints in a certain environment do not yet have the XDR Agent installed.

I still see two options, but have no practical experience in testing them:

 

1. Directory Sync with Cortex XDR. Would it detect endpoints (which are in AD) that do not have XDR Agent yet installed?
2. Pathfinder. Would Pathfinder be something useful to detect such cases, even for those that are not in AD?

 

Any other option?

Thanks.

D

Accepted Solutions

Hi @DKasabji 

 

Cortex XDR does use more than Directory Sync -- the key is Asset Management.  Please see this doc on how assets are discovered.

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/asset-management/about-asse...


David Falcon 
Solutions Architect, Cortex
Palo Alto Networks® 

6 REPLIES

Hi @DKasabji-

 

Are you using Prevent or Pro?


David Falcon 
Solutions Architect, Cortex
Palo Alto Networks® 

Hey @dfalcon , 

 

I am inquiring about Pro. We are PAN partners and I am responsible for Cortex XDR POCs etc., and this question often comes up: how to detect endpoints that do not yet have the XDR Agent installed in their environment.

 

D

Hi @DKasabji-

 

Please see the bottom of this post:  https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/directory-sync-usage/td-p/376055

 


David Falcon 
Solutions Architect, Cortex
Palo Alto Networks® 

Yep, aware of this one. However, this only works if all endpoints are joined to the domain (AD). It cannot detect endpoints that are not part of the domain.

 

Was hoping Cortex would have some sort of passive scanner with Pathfinder to detect endpoints in the environment and then populate them in the Endpoint Administration console and mark them if they do not have the agent installed (similar to what Directory Sync does).

 

Best,

D

Was hoping there was some sort of passive scanner that would di

This looks like the solution I was looking for, David, thanks. I will give it a read.


I have to see what else it requires to gain such visibility (Network Mapper, Pathfinder, Directory Sync, etc.).

 

Thanks.

D
