I am curious about if there is a way to find out which Endpoints in certain environment do not yet have XDR Agent installed.
I still two options, but had no practical experience in testing it:
1. Directory Sync with Cortex XDR. Would it detect endpoints (which are in AD) that do not have XDR Agent yet installed?
2. Pathfinder. Would Pathfinder be something useful to detect such cases, even for those that are not in AD?
Any other option?
Cortex XDR does use more than Directory Sync -- the key is Asset Management. Please see this doc on how assets are discovered.
Please see the bottom of this post: https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/directory-sync-usage/td-p/376055
Yep, aware about this one. However, this only works if all endpoints are joined into to the Domain (AD). It cannot detect endpoints that are not part of the domain.
Was hopping Cortex would have some sort of passive scanner with Pathfinder to detect endpoints in environment and then populate them in Endpoint Administration console and mark them if they do not have agent installed (similarly like Directory Sync does).
Was hopping there was some sort of passive scanner that would di
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!