Cortex XDR custom XQL query to view server operational status


Hi,
Most customers who use Palo Alto Cortex XDR want to visualize server operational status in a dashboard. In that case, use the query below:

dataset = endpoints
| filter operating_system contains "windows server" or operating_system contains "ubuntu"
| fields endpoint_name as endpoint_name, operating_system as operating_system, operational_status as operational_status, last_successful_scan as last_successful_scan, domain as domain, agent_version as agent_version

Steps:
1. Log in to the Cortex XDR console.
2. Navigate to the Incident Response tab -> Query Builder -> click XQL Search.
3. Enter the query and run it.
4. Click Save as widget and add the widget to a dashboard.
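
A summary variant of the query above, added here as an example and not part of the original article: it counts servers per operational status and operating system, which suits a chart or table widget better than a per-host listing. It assumes the same endpoints dataset fields used above; server_count is an alias chosen for this example.

```xql
// Added example: aggregate view of the server query for a dashboard widget.
// Uses only fields from the original query; server_count is an illustrative alias.
dataset = endpoints
| filter operating_system contains "windows server" or operating_system contains "ubuntu"
| comp count(endpoint_name) as server_count by operational_status, operating_system
| sort desc server_count
```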



If you need any support, post a comment and we will reply.