Hello @PankajThakre,

As far as I know, the way to do this is to have an XDR Pro license for your endpoints and have the Host Insights add-on. With that, you have the inventory of apps installed on each of your endpoints where the Cortex XDR agent is installed and has the Enable Host insights capabilities in your agent settings.

You will then be able to access the inventory from the UI under Assets > Vulnerability Assessment > Host inventory > Applications.

Direct link: https://<yourCortexTenant>.xdr.<countrycode>.paloaltonetworks.com/host-insights/apps/apps-only

You can also query the info with the following XQL query:

*************************************
dataset = host_inventory
| arrayexpand applications
| alter software = json_extract(applications, "$.application_name"),
        install_date = json_extract(applications, "$.install_date"),
        version = json_extract(applications, "$.version")
| filter applications contains $Software
| fields host_name, software, version, install_date
*************************************

$Software is a variable that if you save in your Query Library, it will ask you for the software that you want to search for. You can replace that with whatever you want to search for.

Hope that helps.

Thanks
LD