03-27-2025 02:34 AM
Hello All,
Could someone assist me with a Cortex XDR XQL query to list all vulnerabilities along with their associated endpoints? I'm looking for a list that includes each endpoint and its unique CVEs.
Also, does Cortex XDR give remediation details along with the vulnerability?
Cortex XDR #Hostinsight
03-27-2025 03:02 AM
Hi @tejaspatil12 ,
Using XQL, you can view CVEs for all or specific endpoints:
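dataset = va_cves
| fields name, cve_id, severity, severity_score, affected_hosts
// expand the affected_hosts array to one row per CVE and host
| arrayexpand affected_hosts
// add endpoint details from the host inventory, matched on endpoint name
| join (preset = host_inventory_endpoints | fields endpoint_name, operating_system, endpoint_type, last_report_time)
    as ep ep.endpoint_name = affected_hosts
// restrict to a specific endpoint (here XTP); remove this stage to list all endpoints
| filter (`affected_hosts` = """XTP""")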
I believe XDR does not provide remediation or solution details.
On the Vulnerability page, for each CVE, you can find the NIST link, which will take you to the NIST page for more details.