- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-29-2024 05:59 AM
All the CVEs that appear on the platform Cortex XDR date back to 2017, when I see the vulnerability assessment section, none of the CVEs are from years prior to 2017. Could you give me an answer as to why this is so?
01-29-2024 07:04 AM - edited 01-29-2024 07:38 AM
Hi @Rolando_Pena, thanks for reaching us using the Live Community.
The Vulnerability Assessment covers vulnerabilities older than 2017, you might not have any present in your Endpoints.
01-29-2024 07:11 AM
What kind of sorcery is this ?
How do you have CVEs for Applications. I thought, at least up to now, that the assessment was only applicable to OS related vulnerabilities
01-29-2024 07:15 AM
Hi @ithermos, this is part of the Host Insights Add-on. Take a look at the documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerabili...
01-29-2024 07:26 AM
First of all thanks for the response.
I have the Add-on installed for quite some time. Furthermore, from the link you provided and is what I also read in the past, I quote:
"Cortex XDR lists only CVEs relating to the operating system, and not CVEs relating to applications provided by other vendors."
In the APPLICATION/OPERATING SYSTEM column in the console, as a value there is only "Operating System"; when you I hide this value there is not a single entry for a CVE. Strange.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!