Partial protected endpoints

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Partial protected endpoints

L1 Bithead

Dears,

In some cases Endpoint is going to Partial protected due to some issues. I have read this knowledge base. (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OGWCA2&lang=en_US%E2%80%A...

Now I want to know that How can I get alert about when endpoint goes Partial protected mode. I have checked agent logs. There is no any alert about it. I can do it with correlation rule. But it can't be real time and can be several alerts for same endpoint. Could you please share your experience?

Cortex XDR Endpoint Protection 

Ahmad Akbarov
2 REPLIES 2

L3 Networker

Hi@Ahmad_akbarov,

 

We are facing the same issues, so we are creating a report template for Cortex XDR agent operational status. Currently, the report is only generating for unprotected endpoints and partially protected endpoints. This report is generated daily and sent to our email address. It allows us to easily identify any endpoints affected by being unprotected or partially protected. The report provides information on how many endpoints are affected. If no endpoints are affected, the report shows a count of zero.

Hope this answers your query. Please mark the response as "Accept as solution" if it helps.

Thanks for reply. You can do same with correlation rules which I did. But this is not real time. I need real time solution

Ahmad Akbarov
  • 825 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!