O365 mail Graph API Integration - Best Practices

Hey all,

I was exploring O365 graph API and wondering what are some of the best practices for this integration.

One thing we came up was to IP restriction (Palo alto IP) in Microsoft side.

Are there any other condition access policies that can

Using Microsoft Authenticator MFA

Hello LiveComm,

I am working on using MFA for authentication to xsoar on a server that has Active Directory (On-Prem) SAML authentication already in use. The use case is to require the user to authenticate using the Microsoft Authenticator app. I hav

How Cortex XDR alert/incident severity is decided or generated on tool

Hello all,

Please help me to understand how Cortex XDR assign the severity to incident and alert.

Failed to get unit file state for traps_spmd.service: No such file or directory

Hello,
I just installer a 8.2 XDR agent to a linux server
"/opt/traps/bin/cytool startup enable all" returns 

Process name Startup status
pmd Enabled
Failed to get unit file state for traps_spmd.service: No such file or directory
spmd Disabled
Failed to ge

XQL quey help

Hello everyone, 

I would like to replicate some queries in Cortex using XQL, but I have many doubts with this language and I am arguing with it 

Example:

T1140 Deobfuscate/Decode Files or Information 

Suspicious domain suffix with a rare user agent - Explanation

Hello Community,

The BIOC Analytics has recently added these alerts and I wanted to get some insight and I hope this thread can be used in the future by others as well.

While the same seems straightforward there are some issues. The name of the aler

Cortex XDR agent does not send alerts if an event happen when computer is disconnected from network

Hi everyone,

If an event is triggered in a computer without connection, nothing is sent to the console when the computer recovers the connection.

My concern is how I will be alerted if something happens when a computer have no network.

I realiz

XQL Query - Union between Alerts and Incident datasets

Hi

I want to write an XQL query wherein i will be able to get both details of incident and Alerts in one table.

I want to correlate Incident ID and Description with the tables found in Alert dataset like CGO, Initiated by, Action process etc

BIOC Block executables based field "Process_File_Info"

Hello,

I would like to know if any of you have struggled with support and technical cases with the need I show below.

I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Proces

Unable to read the file via remoteaccess with service account Cortex XSOAR ID: 4893410215349833399

Unable to read the file via remote access with service account Cortex XSOAR ID: 4893410215349833399 We created a service account with /usr/sbin/nologin in /etc/passwd but was unable to read the file in /home directory. However, we managed to read it

Access to XSOAR Community edition

Hello everybody,

after reading through some of the threads here, most people run into a similar issue as I did. 

Not receiving the URL to download - has anyone found a suitable solution? 

I used a company email, I waited a week for it to come aft

Community Edition

Hello, I have signed up for the community edition, however I have never received the download URL. Also, I signed up for the DFIR, but cannot access the slack, as the link is expired when sent.

how can I get cortex Community Edition

Hi,

I filled out the form for the community edition at https://start.paloaltonetworks.com/sign-up-for-community-edition.html. I have received a confirmation email and an email for more information I have replied.

unfortunately I get no response to use

XDR - portproxy enabled allow a man-in-the-middle attack

Hi

Does anyone know if Cortex XDR detect and/or protect against this type of attack:

Windows 10 must not have portproxy enabled or in use (syxsense.com)

Unit 42 Palo Alto integration with SIEM particularly ?

How can we integrate Unit 42 Palo Alto with SIEM particularly Microsoft Sentinel?

Regards,

Shashank