Cortex XDR Pathfinder


L2 Linker

I don't really understand the logic behind Pathfinder. I installed the Broker VM and configured Pathfinder, but I cannot see anything in the Pathfinder Collection Center. I cannot find answers to my questions in the documentation. Can anybody please explain Pathfinder?

4 REPLIES

L2 Linker

Hi @OrkanAlibayli,

To be able to use Pathfinder, you first need to have a Cortex XDR Pro per TB license and have your PAN NGFW send logs to Cortex Data Lake. Also, Pathfinder is only able to gather information from Windows endpoints.

Do you have the above requirements? Please also follow this article for Pathfinder: Activate Pathfinder (paloaltonetworks.com)

 

Hi @fmoixsante. Thanks for your answer.

We have a Cortex XDR Pro per TB license, and I also followed Activate Pathfinder.

But our NGFW doesn't send logs to Cortex Data Lake.

My questions are these:

  •   When does Pathfinder begin gathering information from Windows endpoints?
  •   How does Pathfinder gather this information without any agent?

Thanks!

Hi @OrkanAlibayli,

You need to send your PAN NGFW logs to CDL so that whenever Analytics gets triggered, Pathfinder will then try to gather information from the involved endpoint(s).

L0 Member

This Pathfinder thing has been a real pain. I was told via a support ticket that to identify devices without XDR on them I needed to:

Install Broker VM

Install Network Mapper

Install Pathfinder

I was told that when Net Mapper does a scan it will identify devices and then Pathfinder will run its script on them.

This business of NGFW logs seems irrelevant. Although, we do send all of our PAN logs to the Cortex lake.

Since installing Pathfinder, I have not seen any activity in the Collection Center. In fact, I purposely placed a Windows 10 device without XDR on it on the same network range Net Mapper scans, and Pathfinder isn't doing a thing. When I look at the Pathfinder logs, all I see are my "tests".

What is the point of Network Mapper if it doesn't pass on new devices to the asset manager?

What is the point of Pathfinder if no alerts are sent for it to interrogate?

Where is the Palo Alto documentation on these items that we paid for? All that's there are install guides less than a page long.

I am tired of opening tickets and getting support people who clearly know nothing about this.

Yes, I am aware the new Cortex has what appears to be a peer-to-peer agent scan for devices process. Let's just say I don't want to use that method. For one, the documentation says it will discover MAC and platform only; I want the name of the unprotected device. Perhaps the doc is wrong, but I still want to know, after spending all this time setting up these services, why they are not working.
