Hi @nikoolayy1, here is a noteworthy write-up on NDR / Network Traffic Analysis (NTA) to provide an overview / insights. In a firewall-only deployment where the Cortex XDR agent is not installed on your endpoints, you can use Pathfinder to monitor endpoints. Pathfinder scans unmanaged hosts, servers, and workstations for malicious activity. The Analytics Engine can also analyze the Pathfinder data collector in combination with other data sources to increase coverage of your network and endpoints, and to provide more context when investigating alerts. To provide greater coverage and accuracy, you can enable Enhanced Application Logging (EAL) on your Palo Alto Networks firewalls. EAL logs are collected by the firewall to increase visibility into network activity for Palo Alto Networks apps and services, like Cortex XDR. I hope this information provides you with a path forward.