PRO Tag on an "Endpoint name - Endpoint Table" indicates "PRO capabilities enabled" To enabled the Pro capabilities, Go to the applicable "Agent Settings" > XDR Pro Endpoints > Enable. Cortex XDR Pro agents capabilities including enhanced data collection, advanced responses, and attached add-ons. Note: This only applies to organizations with Cortex XDR Pro Licenses.
@@michaelalalade7129 Really thanks for your support for solving my doubts & responding within short time. I'm working on CORTEX XDR tool from paloalto.
Understanding audio itself a big challenge, along with cortex XDR learning
What is the difference between uninstall agent and delete endpoint?
Impossible to understand.
What's mean by "failed DNS" incident?
What is LOLBIN executable process in incidents? Could you please explain me
Why the PRO tag given to some endpoints?
PRO Tag on an "Endpoint name - Endpoint Table" indicates "PRO capabilities enabled"
To enabled the Pro capabilities, Go to the applicable "Agent Settings" > XDR Pro Endpoints > Enable.
Cortex XDR Pro agents capabilities including enhanced data collection, advanced responses, and attached add-ons.
Note: This only applies to organizations with Cortex XDR Pro Licenses.
@@michaelalalade7129 Really thanks for your support for solving my doubts & responding within short time. I'm working on CORTEX XDR tool from paloalto.
yes, almost impossible to understand. all the time trying to guess
conifg case_sensitive = false timeframe=30d
| dataset = endpoints
| filter endpoint_status = ENUM.CONNECTED or endpoint_status + ENUM.DISCONNECTED
| alter agent_version_formatted = regextract(agent_version ,"^\D*(\d+(?:\.\d+)?)")
| arrayexpand agent_version_formatted
| comp count (agent_version_formatted ) as no_of_agents by agent_version_formatted
| fields agent_version_formatted , no_of_agents
| sort asc agent_version_formatted
| view graph type = column subtype = grouped,horizontal header = "Count of Endpoints by Minor Release" show_callouts = 'true' legend = 'false' xaxis = agent_version_formatted xaxistitle = "Agents by Minor Release" yaxis = no_of_agents
dataset = endpoints
| fields endpoint_id, endpoint_name, last_seen
| comp count() as count by endpoint_name addrawdata = true as raw_data
| filter count > 1
| sort desc count
| alter endpoint_name = arrayindex (raw_data, 0) -> endpoint_name
| alter endpoint_id = arrayindex (raw_data, 0) -> endpoint_id
| alter last_seen = arrayindex (raw_data' 0) -> last_seen