topic Coretex XDR alert/incidents for wildfire test file in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/coretex-xdr-alert-incidents-for-wildfire-test-file/m-p/336404#M187 <P>Hi Community,</P><P>&nbsp;</P><P>Does the wildfire test file generate a alert/incident which can be seen XRD console ?</P><P>I have a XDR agent connected to cloud. The wildfire test sample in prevented and i can see it in events of XDR agent. I cannot see this in XDR console neither in incident nor alert table. Does this expected behaviour ?.</P><P>Also i noticed that one of the prevention (not the test file but other .exe) is also not visible in portal. I hope each security events in agent should create at least one alert in console.</P><P>&nbsp;</P><P>Thanks in advance.</P> Thu, 02 Jul 2020 06:06:28 GMT Abdul_Razaq 2020-07-02T06:06:28Z Coretex XDR alert/incidents for wildfire test file https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/coretex-xdr-alert-incidents-for-wildfire-test-file/m-p/336404#M187 <P>Hi Community,</P><P>&nbsp;</P><P>Does the wildfire test file generate a alert/incident which can be seen XRD console ?</P><P>I have a XDR agent connected to cloud. The wildfire test sample in prevented and i can see it in events of XDR agent. I cannot see this in XDR console neither in incident nor alert table. Does this expected behaviour ?.</P><P>Also i noticed that one of the prevention (not the test file but other .exe) is also not visible in portal. I hope each security events in agent should create at least one alert in console.</P><P>&nbsp;</P><P>Thanks in advance.</P> Thu, 02 Jul 2020 06:06:28 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/coretex-xdr-alert-incidents-for-wildfire-test-file/m-p/336404#M187 Abdul_Razaq 2020-07-02T06:06:28Z Re: Coretex XDR alert/incidents for wildfire test file https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/coretex-xdr-alert-incidents-for-wildfire-test-file/m-p/338678#M195 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/101029">@Abdul_Razaq</a>,</P><P>&nbsp;</P><P>The test PE should not create an incident, but it should create an alert even though it is prevented.&nbsp; I have tested and verified this in the past.&nbsp; For the policy rule applied to the machine what does the malware profile specify instruction-wise?</P> Wed, 15 Jul 2020 14:25:28 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/coretex-xdr-alert-incidents-for-wildfire-test-file/m-p/338678#M195 dfalcon 2020-07-15T14:25:28Z