XQL How to get all users that haven't logged in in the past 30 days.

Hi,

I'm having trouble putting together a query that'll grab me a list of users that haven't logged in within the past 30 days.

So far I've got this, but I'm not even sure if it's the right approach, so I'm just a bit stuck:

Cortex XDR triggers Code 10 on USB Audio despite exception - Vendor not selectable, need per-device allow without vendor or something

Environment

• Endpoint OS: Windows 10/11 (latest patches)
• Device: USB Audio (composite device, audio system)
• Driver: wdma_usb.inf / service usbaudio.sys (MEDIA class)
• Cortex XDR Agent: 8.9.0
• Policy: Custom Device Control rule set (USB mass-storage

How to Prevent local admin on an endpoint from pause/remove the cortex XDR agent?

Hi there,
Excuse me, I see that there's an ability for the Admin users in their endpoint that can Bypass (Paus/Remove) the Cortex XDR agent. for both Windows and Linux OS.
How to prevent that through polices or something like that.
Also how to prevent t

Regarding the End of Life for Broker VM

Is there an EOL for Broker VM?

The following URL contains information about the end-of-life for Palo Alto products, but it does not appear to include any mention of the Broker VM.

https://www.paloaltonetworks.com/services/support/end-of-life-announce

How to enable Vulnerability Assessment on Cortex XDR V4.2

I cannot find where to enable Vulnerability Assessment in Cortex XDR v4.2.
Can anyone help me?

What Integration support Playbook on Cortex XDR 4.x

Hi everyone,

I would like to know what  Integration support  or list for playbook on cortex xdr 4.x I find official not found 

Thank you

XQL - "After hours" query

This is a fairly dataset agnostic query snippet to look for events "after hours". You'll need to define what that means and also convert the time zone to your local time. This might not work if you're using UTC in the console, I'm not sure there. 

How to sizing pro per gb

Hi Expert ,

I would like to know about how to sizing pro per gb i know about if would like size ngfw refer with sls-sizing-estimator and lps per model but it seems like when i calculate is a huge size i'm not sure how to actually size and another l

Slow get_alerts API response / Validity check

Hi all,

I’m integrating Cortex XDR APIs and want to validate the get_alerts endpoint for connectivity and credentials.

I’ve already tested the get_incidents endpoint, and it works fine with our API keys.

When I call get_alerts, it always takes ~50

SHOW ALL ALERT

Greetings everyone.

I'm having a problem with Cortex XDR. Low-level security events aren't appearing on the dashboard; only medium, high, and critical ones do.

I'd like all alerts to appear on the dashboard. I only see low-level alerts when I go

I want to block certain certutil commands from being executed through the BIOC Rule

Unable to get it why the below BIOC rule can't be added into the restrictions policy. I was trying to write a BIOC rule for monitoring dropped files via certutil. : 

dataset = xdr_data

| filter event_type = 2 and event_sub_type = ENUM.NETWORK_STREA