Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Who rated this post

L2 Linker

Hello @PankajThakre,


As far as I know, the way to do this is to have an XDR Pro license for your endpoints and have the Host Insights add-on.


With that, you have the inventory of apps installed on each of your endpoints where the Cortex XDR agent is installed and has the Enable Host insights capabilities in your agent settings.


You will then be able to access the inventory from the UI under Assets > Vulnerability Assessment > Host inventory > Applications

Direct link:



You can also query the info with the following XQL query:


dataset = host_inventory
| arrayexpand applications
| alter software = json_extract(applications, "$.application_name"), install_date = json_extract(applications, "$.install_date"), version = json_extract(applications, "$.version")
| filter applications contains $Software
| fields host_name, software, version, install_date



$Software is a variable that if you save in your Query Library, it will ask you for the software that you want to search for. You can replace that with whatever you want to search for.


Hope that helps.






View solution in original post

Who rated this post