Cortex Vulnerability assessment report

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex Vulnerability assessment report

L1 Bithead

Hi,

 

I want to get a vulnerability report every 30 days, the format should be like the one which we can download from vulnerability assessment tab. Hope I should create xql query can someone help me on the same

 

Thanks

1 accepted solution

Accepted Solutions

L3 Networker

If you want the excel format then while you creating the report you would see an option attach .csv format, click on it and select the report that would like to see as csv file, which will be sent to you in a zip format(includes pdf, csv format files). Here I am attaching a sample query which would fetch the relevant fields, please tune it according to your exact requirement.
dataset = va_cves
| fields name, cve_id , severity , severity_score, affected_hosts

|arrayexpand affected_hosts

| join(preset = host_inventory_endpoints |

fields endpoint_name, operating_system , endpoint_type, last_report_time ) as ep ep.endpoint_name = affected_hosts

View solution in original post

4 REPLIES 4

L3 Networker

Hi @S.Sreenivasulu 

 

Thank you for writing to LC!

Yes, you can schedule a report for every 30days- we have a prebuilt report template that shows the relevant info and you can also add in customizable widgets and make it more relevant to your use case.

You can goto- Report templates section under Dashboard & reports > New template > select VULNERABILITY ASSESSMENT REPORT from the dropdown and click next to view the mock/real data > you can drag drop additional widgets from left coulmn > schedule & save

Refer - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Reports

If you want to try and explore XQL, y
ou can just run dataset = va_endpoints,  analyze the output and create your own as per your requirement.

Refer - https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/cortex-xdr-basic-xql-crash-course/ta-p...

If you found this answer helpful, please select Accept as Solution.

Best,

Hi @nar 

 

Thanks, but I am unable to fetch the full report as this exports in PDF format i want the same in excel format.

 

As the same we used to export from vulnerability assessment form.

 

Regards

L3 Networker

If you want the excel format then while you creating the report you would see an option attach .csv format, click on it and select the report that would like to see as csv file, which will be sent to you in a zip format(includes pdf, csv format files). Here I am attaching a sample query which would fetch the relevant fields, please tune it according to your exact requirement.
dataset = va_cves
| fields name, cve_id , severity , severity_score, affected_hosts

|arrayexpand affected_hosts

| join(preset = host_inventory_endpoints |

fields endpoint_name, operating_system , endpoint_type, last_report_time ) as ep ep.endpoint_name = affected_hosts

Thanks

  • 1 accepted solution
  • 476 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!