Host insights enabled, yet only 12% have any CVE information. How to troubleshoot?


L3 Networker

We've been running XDR Pro per endpoint since late 2022 with the host insights add-on licensed and enabled for all endpoints.
CVE data exists for around 12% of the endpoints and includes every OS, etc... no rhyme or reason why some work, but most do not.
I cannot determine why it is or isn't working on all endpoints and don't know of a way to troubleshoot it.

Anyone else having this issue?

L4 Transporter

Hello @PC-TomS 

 

Thanks for reaching out on Live Community!

There are a few pointers we need to clarify before we can suggest a solution.

1. Do you have enough Host Insights licenses? Since Host Insights is an add-on separate from the Pro license, it often happens that customers do not buy an equal number of licenses compared to their Pro licenses. So Host Insights will only work for the number of endpoints for which the add-on was bought.

2. Please verify that Host Insights was enabled for all the endpoints. When we have multiple profiles, it can happen that we miss some profiles for which the Host Insights capability was not enabled. For every profile on which you want Host Insights enabled, go to the agent settings profile, first enable the Pro capabilities (disabled by default), and then enable the Host Insights capability (enabled by default) along with the submenu for Endpoint Information Collection.

3. Please follow the document below to verify that your endpoints meet the requirements for vulnerability assessment.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerabili...

Thanks anyway for trying, this is now a support case.

To answer your questions:

 

  • We have enough licenses.
  • It is enabled on all endpoints.
  • All endpoints meet the requirements.

 

Tom

Did you find a solution? I have the same issue. 

L4 Transporter

I would try to reinstall an agent. We also had some similar issues. In our case we didn't have enough licenses, bought some, but the agents didn't get the information to push the data. We had to reinstall the agent.

 

BR

 

Rob
