topic Re: Signer of a file in file operations in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/signer-of-a-file-in-file-operations/m-p/517899#M3021 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;as you might be aware, Cortex XDR detects and prevents malicious events during execution. The information that you're looking for is collected by modules invoked during execution.&nbsp;</P> <P>It is possible to collect the data, but currently it is not part of the functionality.&nbsp;<BR /><BR />Would you have any specific use cases where you'd be looking at the metadata of such files (many of which might not be executables) to comprehensively aid in your investigation flows? I assume you're not referring to use cases pertaining to forensic investigations.</P> Fri, 14 Oct 2022 01:40:18 GMT bbarmanroy 2022-10-14T01:40:18Z Signer of a file in file operations https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/signer-of-a-file-in-file-operations/m-p/517667#M3011 <P>Hello dear community,&nbsp;</P> <P>&nbsp;</P> <P>like I saw, there is no possibility to find out the signer, from files which were only downloaded, moved, etc. but not executed.&nbsp;</P> <P>&nbsp;</P> <P>Why is this not possible?</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Wed, 12 Oct 2022 18:25:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/signer-of-a-file-in-file-operations/m-p/517667#M3011 RFeyertag 2022-10-12T18:25:06Z Re: Signer of a file in file operations https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/signer-of-a-file-in-file-operations/m-p/517899#M3021 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>&nbsp;as you might be aware, Cortex XDR detects and prevents malicious events during execution. The information that you're looking for is collected by modules invoked during execution.&nbsp;</P> <P>It is possible to collect the data, but currently it is not part of the functionality.&nbsp;<BR /><BR />Would you have any specific use cases where you'd be looking at the metadata of such files (many of which might not be executables) to comprehensively aid in your investigation flows? I assume you're not referring to use cases pertaining to forensic investigations.</P> Fri, 14 Oct 2022 01:40:18 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/signer-of-a-file-in-file-operations/m-p/517899#M3021 bbarmanroy 2022-10-14T01:40:18Z