This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex xdr agent distributed network scan

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex xdr agent distributed network scan

Vinothkumar_SBA
L3 Networker

‎04-04-2025 04:27 AM

Hi Team,

 

We have enabled the Cortex XDR agent's distributed network scan, and we are getting successful results in the XDR Management Console. Our question is: Which port is used by the XDR agent to identify unmanaged assets

0 Likes Likes
4 REPLIES 4

aspatil
L6 Presenter

‎04-04-2025 04:47 AM

Hello @Vinothkumar_SBA ,

If you are using Nmap, in the first stage, Nmap performs a ping scan -PS -PA which by default will try to use port 80 but will try to use other ports if not available.
Its has no limits about the port numbers in use.
If the request is also for os detection it may scan also a large number of ports depending on the OS which is also not limited to specific port numbers.

 

If you feel this has answered your query, please let us know by clicking like and  on "mark this as a Solution". Thank you.

Ashutosh Patil
0 Likes Likes

tlmarques
L4 Transporter

‎04-29-2025 09:52 AM

My question is: is it safe @aspatil ?  Can the XDR itself perform these NMAP scans without putting the stability of the company's network at risk?

In a company with 5,000 devices, having all of them running NMAP could be dangerous. Or does the agent have some level of intelligence to run the scans gradually, in phases or at set intervals?

If this post answers your question, please mark it as the solution.




Best regards
Tiago Marques
0 Likes Likes

aspatil
L6 Presenter

‎04-29-2025 11:18 PM

Hello @tlmarques ,

No, Cortex XDR agents do not run full Nmap scans across the network in the traditional sense. The Network Discovery feature in Cortex XDR uses controlled, lightweight probing that is intentionally designed to avoid network overload or disruption.

 

Regards,

Ashutosh

 

Ashutosh Patil
0 Likes Likes

tlmarques
L4 Transporter
In response to aspatil

‎05-01-2025 02:51 AM

Hi @aspatil ,

 

thanks for your mensage.
In this case , it's safe configure the agent nmap for all endpoints correct?

If this post answers your question, please mark it as the solution.




Best regards
Tiago Marques
0 Likes Likes
  • 670 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks