Jump to content
yosinyc

Getting Automate to show Palo Alto Traps as AV

By yosinyc, in Advanced Configurations

Recommended Posts

yosinyc    0

yosinyc
Posted

Hello, sorry for my ignorance... I'm new to Automate....  The attached is my config for TRAPS AV.... the Monitors showing NO AV...

Does all the fields have to match in order for a good detection?  Basically what if I just check to see if the process is running, if it runs, monitor should display "Palo Alto AV"

any help would be greatly appreciated... ty

 

Name:  Palo Alto Traps

Program Location:       "%programfiles%\Palo Alto Networks\Traps\cytool.exe"

Def Location:  {%-HKLM\SOFTWARE\Cyvera\Client:Product Version-%}

Update cmd:  "%programfiles%\Palo Alto Networks\Traps\cytool.exe"   (couldn't find it, so I put the same as program location...)

version check:  {%-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5DA19C5737C8344D9FE02D6D5808099\InstallProperties:DisplayVersion-%}

AP Process:   cyserver*

Date Mask:  (.*)

 

Traps-Setup.thumb.JPG.59dd385330cf18cd8fa8655c4e080393.JPG

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing
×
×
  • Create New...