- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-24-2025 06:24 AM
Hi,
I want to get a vulnerability report every 30 days, the format should be like the one which we can download from vulnerability assessment tab. Hope I should create xql query can someone help me on the same
Thanks
01-27-2025 10:15 PM
If you want the excel format then while you creating the report you would see an option attach .csv format, click on it and select the report that would like to see as csv file, which will be sent to you in a zip format(includes pdf, csv format files). Here I am attaching a sample query which would fetch the relevant fields, please tune it according to your exact requirement.
dataset = va_cves
| fields name, cve_id , severity , severity_score, affected_hosts
|arrayexpand affected_hosts
| join(preset = host_inventory_endpoints |
fields endpoint_name, operating_system , endpoint_type, last_report_time ) as ep ep.endpoint_name = affected_hosts
01-26-2025 08:33 PM - edited 01-26-2025 08:34 PM
Thank you for writing to LC!
Yes, you can schedule a report for every 30days- we have a prebuilt report template that shows the relevant info and you can also add in customizable widgets and make it more relevant to your use case.
You can goto- Report templates section under Dashboard & reports > New template > select VULNERABILITY ASSESSMENT REPORT from the dropdown and click next to view the mock/real data > you can drag drop additional widgets from left coulmn > schedule & save
Refer - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Reports
If you want to try and explore XQL, you can just run dataset = va_endpoints, analyze the output and create your own as per your requirement.
Refer - https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/cortex-xdr-basic-xql-crash-course/ta-p...
If you found this answer helpful, please select Accept as Solution.
Best,
01-26-2025 11:30 PM
Hi @nar
Thanks, but I am unable to fetch the full report as this exports in PDF format i want the same in excel format.
As the same we used to export from vulnerability assessment form.
Regards
01-27-2025 10:15 PM
If you want the excel format then while you creating the report you would see an option attach .csv format, click on it and select the report that would like to see as csv file, which will be sent to you in a zip format(includes pdf, csv format files). Here I am attaching a sample query which would fetch the relevant fields, please tune it according to your exact requirement.
dataset = va_cves
| fields name, cve_id , severity , severity_score, affected_hosts
|arrayexpand affected_hosts
| join(preset = host_inventory_endpoints |
fields endpoint_name, operating_system , endpoint_type, last_report_time ) as ep ep.endpoint_name = affected_hosts
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!