This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Checkin Time

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Cortex XDR Checkin Time

Amnsgna
L0 Member

‎05-16-2023 10:32 AM

Hello All,

 

Was curious, is there a related registry key for Traps last check-in date? I'm curious if there is an easy way to pull in that information with powershell.

 

Quick example scenario would be that we would use one script to pull in the last check in time with multiple computers with Cortex XDR.

 

Thanks!

0 Likes Likes
3 REPLIES 3

bbarmanroy
L5 Sessionator

‎05-17-2023 01:58 AM

There are a few ways to achieve this in decreasing order of preference to collect the data:

  1. Get the last seen timestamp from XDR API's (Ref: https://cortex-panw.stoplight.io/docs/cortex-xdr/fde2236a93dfe-get-all-endpoints)
  2. Run "cytool last_checkin" on the endpoint (Ref: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Cytoo...)

 

Amnsgna
L0 Member
In response to bbarmanroy

‎05-19-2023 11:54 AM

Hello,

 

Thank you for the quick reply. That helps a lot. Would it be possible without access to the management console?

0 Likes Likes

aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to Amnsgna

‎05-20-2023 12:15 PM

Hi @Amnsgna 

 

The second option suggested by @bbarmanroy - "run cytool last_checkin" is the option "without access to the management console".

Cytool is CLI tool that is installed with CortexXDR agent on each endpoint and can be used to troubleshoot and manage the XDR agent. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.0/Cortex-XDR-Agent-Administrator-Guide/Cytoo...

 

With this option you need to execute  the command on each individual endpoint and check the output.

 

0 Likes Likes
  • 1174 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks