topic Device control violation alert\bioc in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violation-alert-bioc/m-p/501312#M2131 <P>Im looking for a way to alert when a device control violation occurs</P><P>&nbsp;</P><P>Currently ive not found a xql query that works</P> Tue, 07 Jun 2022 15:07:50 GMT NathanBradley 2022-06-07T15:07:50Z Device control violation alert\bioc https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violation-alert-bioc/m-p/501312#M2131 <P>Im looking for a way to alert when a device control violation occurs</P><P>&nbsp;</P><P>Currently ive not found a xql query that works</P> Tue, 07 Jun 2022 15:07:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violation-alert-bioc/m-p/501312#M2131 NathanBradley 2022-06-07T15:07:50Z Re: Device control violation alert\bioc https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violation-alert-bioc/m-p/501544#M2141 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/24508">@NathanBradley</a>&nbsp;</P><P>&nbsp;</P><P>As far as I know I think the case still exists as outlined in the below community link:<BR /><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violations-amp-xql/td-p/426157" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violations-amp-xql/td-p/426157</A></P><P>&nbsp;</P><P>The link also provides <STRONG>a hint</STRONG> on how you can built your own custom notification using the <STRONG>"Get Violation API"</STRONG>.</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/endpoint-management/get-violations" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/endpoint-management/get-violations</A></P><P>&nbsp;</P><P>What you can do here is, create a csv file of the violation being pulled from XDR API and then ingest in SIEM for notifications or other stuff.</P><P>&nbsp;</P><P>Thank You</P> Wed, 08 Jun 2022 00:57:51 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/device-control-violation-alert-bioc/m-p/501544#M2141 KanwarSingh01 2022-06-08T00:57:51Z