Can Applications be filtered in some way in Cortex XDR report?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Can Applications be filtered in some way in Cortex XDR report?

L0 Member

Hello all! I hope your day is going well!

I wanted to know if Cortex XDR has the availability to filter applications in a report?

What my goal is : For example I have 20 systems. Is there any way that I can put a filter on them, to see what Applications those systems have?

For example, this is now happening with Groups. I can see what groups are assigned to those 20 systems. I would like to have the same with Applications.

Let say that I would like on this filter to be able to say "contains or does not contain" and then the application name in quesiton.

Thank you!

2 REPLIES 2

L6 Presenter

What about this?

 

 

 

Application Analysis

You can assess the vulnerability status of applications in your network using the Host inventory. Cortex XDR compiles an application inventory of all the applications installed in your network by collecting from each Cortex XDR agent the list of installed applications. For each application on the list, you can see the existing CVEs and the vulnerability severity score that reflects the highest NIST vulnerability score detected for the application. Any new application installed on the endpoint will appear in Cortex XDR within 24 hours. Alternatively, you can re-scan the endpoint to retrieve the most updated list.

Starting with macOS 10.15, Mac built-in system applications are not reported by the Cortex XDR agent and are not part of the Cortex XDR Application Inventory.

From Add-onsHost InsightsHost Inventory, select Applications.

  • To view the details of all the endpoints in your network on which an application is installed, right-click the application and select View endpoints.

  • To view in-depth details about the application, left-click the application name.

 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Vulnerabili...

 

L0 Member
  • To view the details of all the endpoints in your network on which an application is installed, right-click the application and select View endpoints.

    This is basically what I had in mind, HOWEVER in this scenario, I will not be able to see which systems DON'T have this application?

    So going back to the main question, is there any way, that we can Filter this so that the end result is = We have 20 Systems and once we apply the filter, we are going to be able to see which of those 20 have the application and which don't. (I am giving 20 as an number as an example, in my scenario we are talking about "bit" more 🙂

    Thakn you!

  • 830 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!