cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

L4 Transporter

Hi @Retired Member 

 

For your use case to detect unmanaged assets in network (without Broker VM), if those endpoints are domain joined you can leverage the Cloud Identity Engine dataset (pan_dss_raw) to cross-reference the data with endpoints data to identify assets which are a part of the organization domain but are not in the endpoints dataset.

 

XQL query for reference: 

 

dataset = pan_dss_raw
| fields name,ou,os,type
| filter type= "computer"
| dedup name
| filter name not in (dataset=endpoints | alter hostname = lowercase(endpoint_name) | fields hostname )

 

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

Who rated this post