Hi @Balaraju 

 

Cloud Identity Engine (previously called Directory Sync Service (DSS)) enables you to leverage Active Directory user, group, and computer information in Cortex XDR and provides the data needed for event context enrichment.

Reference Doc: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-Up-Clou...

 

For endpoints that are domain joined but do not have the XDR agent installed, you can find them in the following ways:

 

1. You would just need to use the Has XDR Agent = No filter under Assets > Assets Inventory.


2. For endpoints where the XDR agent is not installed but which are domain joined, if Cloud Identity Engine is set up and configured, you can leverage the Cloud Identity Engine dataset (pan_dss_raw) and cross-reference it with the endpoints dataset (endpoints) to identify assets which are part of the organization domain but are not in the endpoints dataset. This can be achieved with an XQL query.

You can run this as a report on a periodic basis to get the list of endpoints without XDR and then leverage organizational processes to get XDR installed on those endpoints. Refer to this Live Community Post.

 

Hope this helps.
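The cross-reference described in option 2, done offline on two CSV exports, as an added example that is not part of the original post and is not an XQL query. The CSV contents are constructed, and the column names (`name`, `dns_hostname`, `enabled`, `endpoint_name`) are assumptions, not the real fields of `pan_dss_raw` or `endpoints`.

```python
import csv
import io

# Constructed sample exports; column names are assumptions, not real dataset fields.
DIRECTORY_CSV = """name,dns_hostname,enabled
WS-001$,ws-001.corp.example.com,true
WS-002$,ws-002.corp.example.com,true
SRV-DB01$,,true
OLD-LAPTOP$,old-laptop.corp.example.com,false
"""

ENDPOINTS_CSV = """endpoint_name
WS-001
srv-db01.corp.example.com
"""


def normalize(host):
    """Reduce a host identifier to a comparable short name."""
    host = host.strip().lower().rstrip("$")   # AD computer accounts end in '$'
    return host.split(".", 1)[0]              # drop the DNS domain suffix


def read_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def missing_agent(directory_csv, endpoints_csv, include_disabled=False):
    """Return directory computers that have no match in the endpoint export."""
    covered = {normalize(r["endpoint_name"]) for r in read_rows(endpoints_csv)
               if r["endpoint_name"].strip()}
    missing = set()
    for row in read_rows(directory_csv):
        if not include_disabled and row["enabled"].strip().lower() != "true":
            continue  # stale or disabled accounts are not install targets
        # Prefer the DNS hostname, fall back to the account name.
        key = normalize(row["dns_hostname"] or row["name"])
        if key and key not in covered:
            missing.add(key)
    return sorted(missing)


if __name__ == "__main__":
    for host in missing_agent(DIRECTORY_CSV, ENDPOINTS_CSV):
        print(host)
```

Normalizing both sides to a lowercase short name avoids false gaps when one export carries FQDNs or `$`-suffixed account names and the other does not.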