04-21-2021 04:10 AM
I don't really understand the logic behind PATHFINDER. I installed Broker VM and configured Pathfinder. But I cannot see anything in Pathfinder Collection Center. I cannot find answers to my questions in the documentation. Can anybody please explain Pathfinder?
04-21-2021 04:34 AM
Hi @OrkanAlibayli ,
To be able to use Pathfinder, you need to first have a Cortex XDR Pro per TB license and have your PAN NGFW send logs to Cortex Data Lake. Also, Pathfinder is only able to gather information from Windows endpoints.
Do you have the above requirements? Please do also follow this article for Pathfinder. Activate Pathfinder (paloaltonetworks.com)
04-21-2021 05:07 AM
Hi @fmoixsante . Thanks for your answer.
We have a Cortex XDR Pro per TB license. And I also followed Activate Pathfinder.
But our NGFW doesn't send logs to Cortex Data Lake.
My questions are these:
Thanks!
04-22-2021 02:54 AM
Hi @OrkanAlibayli ,
You need to send your PAN NGFW logs to CDL so that whenever Analytics gets triggered, Pathfinder will then try to gather information from the involved endpoint/s.
09-03-2021 01:57 PM
This Pathfinder thing has been a real pain. I was told via a support ticket that to identify devices without XDR on them I needed to:
Install Broker VM
Install Network Mapper
Install Pathfinder
I was told when net mapper does a scan it will identify devices and then pathfinder will run its script on them.
This business of NGFW logs seems irrelevant. Although, we do send all of our pan logs to the cortex lake.
Since installing Pathfinder, I have not seen any activity in the collection center. In fact, I purposely placed a Windows 10 device without XDR on it on the same network range Net Mapper scans, and Pathfinder isn't doing a thing. When I look at Pathfinder logs all I see are my "tests".
What is the point of Network Mapper if it doesn't pass on new devices to the asset manager?
What is the point of Pathfinder if no alerts are sent for it to interrogate?
Where is the Palo Alto documentation on these items that we paid for? All there is is install guides less than a page long.
I am tired of opening tickets and getting support people who clearly know nothing about this.
Yes, I am aware the new Cortex has what appears to be a peer-to-peer agent scan for devices process. Let's just say I don't want to use that method. For one, the documentation says it will discover MAC and Platform only; I want the name of the unprotected device. Perhaps the doc is wrong, but I still want to know, after spending all this time setting up these services, why they are not working.
01-12-2023 06:20 PM
Is there any reply to ESJosephPrinz? The frustration is real.
01-12-2023 08:04 PM
Hi @ESJosephPrinz as @fmoixsante mentioned - Pathfinder will only trigger a deployment of a dissolvable agent on the target endpoint/s which do not have Cortex XDR, when an Analytics event of High/Medium severity is triggered.
The POC that you performed does not mention if the pre-requisites specified in the documentation are met.
Have you had a conversation with your Customer Success teams or Account representatives to get further clarity on this over a call/demo as it is more interactive than a forum? I am sure all of these questions can be addressed with proper context.
01-23-2023 07:25 AM - edited 01-23-2023 07:30 AM
Hey,
My name is Mickey, I'm with the Technical Marketing Engineering team of Palo.
I am looking into this thread and trying to activate Pathfinder on my end, and I would like to go on a session with the customer here.
Can you send me an email please so we can schedule?
Thanks