12-15-2022 08:01 PM
Hi Expert,
How can I check that an endpoint has no agent, and integrate an EDL with the NGFW when such an endpoint is found?
So far I have tried to create a Python script to get all endpoints, but I have no idea how to check that an endpoint has no agent.
Thank you
12-18-2022 05:45 PM
Hi @Pattarachai-FTH ,
Thank you for writing to LIVEcommunity!
Having no agent is one part of the problem, and integrating an EDL with the NGFW is another. These are not related. Can you help us with a more specific use case for the same?
Your asset management tools can be used for checking which applications are installed. However, you can also do so with Cortex XDR by using the Broker VM network mapper as a tool and aggregating DHCP logs for asset discovery. The Cortex XDR network mapper will scan the subnet to discover IPs and will populate entries for endpoints with the agent installed as "YES". The DHCP log ingestion will help you get the appropriate MAC addresses for devices with IPs that do not have the Cortex agent installed on them. Some of them might be ICND devices where you cannot install agents, but the remaining ones can be checked for a missing agent and pushed for installation.
Waiting to hear from you on your EDL perspective. Please mark this "Accept as Solution" if it answers your question.
Regards
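The comparison described in the reply above, as an added example that is not part of the original reply and is not Palo Alto Networks code: DHCP leases are matched by MAC address against the endpoints that report an agent, and the IPs left over are written out in the plain-text, one-entry-per-line form an IP-type EDL uses. The record field names, the exemption list and all sample data are constructed assumptions, not a Cortex XDR export schema.

```python
import ipaddress

# Constructed sample data; field names are assumptions, not a Cortex XDR schema.
XDR_ENDPOINTS = [  # endpoints that report an installed agent
    {"hostname": "ws-001", "mac": "00:11:22:33:44:01"},
    {"hostname": "ws-002", "mac": "00-11-22-33-44-02"},
]
DHCP_LEASES = [  # oldest first, as parsed from DHCP logs
    {"ip": "10.0.1.10", "mac": "00:11:22:33:44:01", "hostname": "ws-001"},
    {"ip": "10.0.1.11", "mac": "00:11:22:33:44:02", "hostname": "ws-002"},
    {"ip": "10.0.1.40", "mac": "00:11:22:33:44:0A", "hostname": "lab-pc"},
    {"ip": "10.0.1.23", "mac": "00:11:22:33:44:0b", "hostname": "kiosk-7"},
    {"ip": "10.0.1.50", "mac": "00:11:22:33:44:0C", "hostname": "printer"},
    {"ip": "10.0.1.41", "mac": "00:11:22:33:44:0a", "hostname": "lab-pc"},
]
EXEMPT_MACS = {"00:11:22:33:44:0c"}  # devices that cannot run an agent


def norm_mac(mac):
    """Normalise MAC notation so aa-bb-.. and AA:BB:.. compare equal."""
    return mac.strip().lower().replace("-", ":")


def find_unmanaged(leases, endpoints, exempt_macs=()):
    """Return {mac: lease} for leased devices with no agent and no exemption."""
    agent_macs = {norm_mac(e["mac"]) for e in endpoints}
    exempt = {norm_mac(m) for m in exempt_macs}
    unmanaged = {}
    for lease in leases:
        mac = norm_mac(lease["mac"])
        if mac in agent_macs or mac in exempt:
            continue
        ipaddress.ip_address(lease["ip"])  # raises ValueError on a malformed IP
        unmanaged[mac] = lease  # a later lease for the same MAC replaces the older one
    return unmanaged


def render_edl(unmanaged):
    """Build the EDL body: one IP address per line, sorted numerically."""
    ips = sorted({ipaddress.ip_address(l["ip"]) for l in unmanaged.values()})
    return "".join(f"{ip}\n" for ip in ips)


if __name__ == "__main__":
    print(render_edl(find_unmanaged(DHCP_LEASES, XDR_ENDPOINTS, EXEMPT_MACS)), end="")
```

Matching on MAC rather than IP keeps a device with a renewed lease from appearing twice or being missed; the resulting text would be published on a web server the firewall is configured to poll.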
12-18-2022 07:24 PM
If you have an asset management tool like SCCM, I would recommend creating a PowerShell script (or whatever scripting language you prefer) to run the command and parse the response to ensure it matches the current day. This will accomplish two checks, one being that the agent is installed (if the command fails due to cytool not existing, the agent is not installed) and the other that it's healthy and connecting, by validating that it's connected to the console that day. You'll sometimes run into agents where the service is running, but for one reason or another it's not communicating successfully, so this will validate that.
12-18-2022 07:25 PM
Sorry, I forgot to include the actual command. It's "cytool last_checkin" - see https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Cytoo...