This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Is it possible to trigger insights collection on multiple hosts?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is it possible to trigger insights collection on multiple hosts?

Go to solution
Piotr_Kowalczyk
L3 Networker

‎10-04-2023 01:29 AM

Hi,

I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection" but from time to time I need to do this on around 50 hosts so this option is not really practical. I wasn't able to find any option which allows me to trigger this on multiple host, is it possible?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
aspatil
L5 Sessionator

‎10-04-2023 03:20 AM

Hello,

Running manually on multiple endpoints is not the recommended option, as it creates a performance issue on Agent and the Dashboard as well while collecting data and events. Hence, it is scheduled for 24 hours. If you are just concerned about the software updates, you can follow below actions:

1. Go to Incident Response--> Investigations--> Host Inventory

2. Select Applications and click on Recalculate. 

aspatil_0-1696414740139.png

 

Even Vulnerability Assessment option has option to "Recalculate".

 

The Recalculate option will trigger calculation and updation of host insights information for the Cortex XDR and the agents will send the insights data upon next data upload cycle. Please note that this can take a minimum of 6 hours for recalculation of information and to be able to populate data accordingly. 

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query. 

 

Ashutosh Patil

View solution in original post

(1)
7 REPLIES 7

Go to solution
aspatil
L5 Sessionator

‎10-04-2023 02:37 AM

Hello,

 

Thank you for writing to Live community!

 

Cortex XDR will calculate host insights for all the endpoints where the license can be applied(considering that the quota is not exceeded) every 24 hours. On the window of the module you want to view, also states beside the header, the last calculation timestamp for Cortex XDR host insights collection. 

 

Unfortunately, the expected use case cannot be achieved as of now. Could you please help me with the reason to run the insight collection manually?

Ashutosh Patil
0 Likes Likes

Go to solution
Piotr_Kowalczyk
L3 Networker
In response to aspatil

‎10-04-2023 02:44 AM

Hi,

 

Thank you for your reply,

 

The reason is: I want to check if some software was updated to particular version and would like to have data up to date, without potential 24 hours delay. Is any way to display last insight collection timestamp in the host table instead of going to Asset View?

0 Likes Likes

Go to solution
aspatil
L5 Sessionator

‎10-04-2023 03:20 AM

Hello,

Running manually on multiple endpoints is not the recommended option, as it creates a performance issue on Agent and the Dashboard as well while collecting data and events. Hence, it is scheduled for 24 hours. If you are just concerned about the software updates, you can follow below actions:

1. Go to Incident Response--> Investigations--> Host Inventory

2. Select Applications and click on Recalculate. 

aspatil_0-1696414740139.png

 

Even Vulnerability Assessment option has option to "Recalculate".

 

The Recalculate option will trigger calculation and updation of host insights information for the Cortex XDR and the agents will send the insights data upon next data upload cycle. Please note that this can take a minimum of 6 hours for recalculation of information and to be able to populate data accordingly. 

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query. 

 

Ashutosh Patil
(1)

Go to solution
Piotr_Kowalczyk
L3 Networker
In response to aspatil

‎10-04-2023 03:26 AM

Is looks like what I'm looking for but just to clarify just to make sure I understand the process correctly. Once I trigger recalculation, the Cortex XDR server requests new application information form agents and then update them in the console?

 

0 Likes Likes

Go to solution
aspatil
L5 Sessionator

‎10-04-2023 03:28 AM

Hello,

That's right!!

Ashutosh Patil

Go to solution
Piotr_Kowalczyk
L3 Networker

‎10-04-2023 03:32 AM

Many thanks. This was what I was looking for! I thought recalculation is just internal Cortex process and has nothing to do with updating endpoint data.

0 Likes Likes

Go to solution
E.Jafarov
L2 Linker
In response to aspatil

‎12-26-2024 04:25 AM

Hi Aspatil,

Could we change period of hour, for example not every 24 hours, like 12 hours.

SmartIT
0 Likes Likes
  • 1 accepted solution
  • 1916 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks