10-29-2022 02:24 PM
Hello dear community!
From my perspective, this documentation brings more questions, than answers.
There is written cortex does not collect CVEs for Applications.
"
calculates CVEs for applications according to the application version, and not according to application build numbers.
"
And
"A list of all CVEs that exist on applications that are installed on the endpoint
"
So what is right now?
CVEs For Applications or only CVEs for OS?
There are also in the gui some hints for applications but I never found a CVE related to Applications.
Please help me to understand what is right or wrong!
BR
Rob
10-30-2022 01:05 AM
Hi @Cyber1985 ,
We assure you, it is in the works. As you know there are gazillions of applications in Windows world to assess and research and hence we have an intensive R&D already going on around it. I do not have a definite date for the same, but it is in future consideration to be derived in.
Hope that answers your question! Please mark "Accept as Solution" if it does.
Regards.
10-29-2022 03:58 PM
Hi @Cyber1985 ,
Thank you for writing to live community!
As per the documentation, both the statements are correct.
Hence the above two statements. As you can see in the documentations the Operating System Platforms are bolded against the statements. Hope that answers your question!
Regards.
10-29-2022 10:31 PM
Hey @neelrohit,
Thank you for this clarifiction! From the OS point it is clear now.
Will there be a change in the future to see CVEs for applications on windows?
BR
Rob
10-30-2022 01:05 AM
Hi @Cyber1985 ,
We assure you, it is in the works. As you know there are gazillions of applications in Windows world to assess and research and hence we have an intensive R&D already going on around it. I do not have a definite date for the same, but it is in future consideration to be derived in.
Hope that answers your question! Please mark "Accept as Solution" if it does.
Regards.
10-30-2022 02:59 AM
I am glad to hear this topic is in progress!
Thank you very much for this good news!
BR
Rob
11-07-2022 09:05 AM
Linux vulnerability reporting on applications does not take into account backporting. I opened a support ticket and was told it was put in as an "improvment"
Applications are reporting vulnerable to old cve's. However they have been patched and the changelog on the server shows the cve fixed via the updated minor version
04-14-2023 12:10 AM - edited 04-14-2023 12:12 AM
Regarding your query on how to add/remove applications on cortex xdr (eg. wireshark, etc.). One cannot add/remove applications as this telemetry/data is part of Host Inventory which is a part of the Host Insights Add-On.
However you have an option to "Recalculate" as shared in below screenshot. Normally Cortex XDR agent scans the endpoint every 24 hours for any updates and displays the data found over the last 30 days. But with "Recalculate", you can force data recalculation to retrieve the most updated data.
Note: To collect initial data from all endpoints in your network could take Cortex XDR up to 6 hours.
Hope that answers your question! Please mark "Accept as Solution" if it does.
Thank You!
04-16-2023 10:37 PM
Hello PiyushKohli,
Once again, Thank you for your response. If I understand these applications reside on the "end users Host machines". In that case, would you then advise (1) I recalculate (2) I delete the application (e.g wireshark) from ALL hosts, servers machines on the network. One can do that? so that I can get ride of "wireshark" from the Host Inventory (and won't be listed as part of the telemetry/data)? is that best way to approach it, or not?
Thank you once more....
Chris
04-17-2023 03:56 AM
If your organization Information Security/IT process is not to have that reported application installed on ALL hosts, servers machines on the network for ex Wireshark in this use case, then yes you will have to delete/remove the application from reported Hosts. And once that application is removed from the reported hosts then either you may recalculate or can wait as Cortex XDR agent scans the endpoint every 24 hours.
Live Community video on this feature for your reference: https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/cortex-xdr-how-to-video-host-insights/...
Hope this helps.
Thank You
04-17-2023 06:35 AM
Dear PiyushKohli
Great, and many Thanx.
You seem to know well Cortex XDR, happy you have indeed assisted in this regard. Please tell me, maybe my last question, how do you delete/remove such applications (example "wireshark") from all hosts. Since I do not see any feature on my cortex xdr setting to use and remove/delete files. Do I need to write a script?, do you have any reference documents or link you can refer me to? so I can read through and execute? How do I go about removing from any Host/Servers such application for example "wireshark"? and what do I need to be advisable to be carefull NOT to do?
Again, Thank you
12-12-2023 02:20 PM
The Top 10 Vulnerable Applications on my dashboard never shows anything. Has anyone been able to confirm that it only supports CVE alerts for OS only and not applications?
12-12-2023 02:21 PM
Has R&D completed this so that we can see application CVE alerts?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
