Cortex Data Lake - Windows 11 Build & Enablement(?) Info

Windows 11 (and 10 presumably) has a series of numbers which, together, identify the build and patch level of the OS.  This would be a combination of Version: Windows 11 and/or Build Number: 10.0.22631.  The Patch Level (or Enablement Level) is shown

XDR as "SIEM" (challenge for discussion)

I wanted to leave a challenge here for discussion in the group.

Why not use XDR as if it were a SIEM, in order to analyze more events with better accuracy, and to create more correlation and data enrichment?

I’m referring to an environment with:
XDR, X

Cortex XDR automation

is there any way to make the automation rule priority one? i don't have any other  rule 

Rule for Detection Powershell Execution

I created a BIOC to detect running processes in PowerShell and I intend to exclude some processes to avoid showing too many false positives, such as: SenseIR.exe and CompatTelRunner.exe.

Cortex XDR 

Custom BIOC Rule won't apply to Prevention Profile

We are attempting to make a custom BIOC rule to prevent the use of certain softwares on our servers. Applying the BIOC to a prevention profile works, except for when we add any exceptions. Say we are attempting to block Google Chrome on servers, we a

Cortex cloud architecture diagram

Can someone please help me with a detailed architecture diagram of cortex cloud as we have in Prisma cloud solution stack.

#cortexcloud

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

PoC Lab: Monitoring Malicious Chrome Extensions

By:  @mfakhouri 

Executive Summary

With the convenience Chrome extensions provide, such as ad blocking, enhanced web viewing, and improving user experiences, it is no surprise that malicious act

Cortex XDR Pro / Browser extensions

Has anyone ever configured their environment to detect on unauthorized or unsupported browser extensions? Or conduct a threat hunt based on known facts?

We've seen some slip through the cracks and I know Cortex doesn't natively detect abused or mal

Cortex XDR 8.9 Non-Persistent Citrix Servers and Cache Write Issue

Hello everyone,

We have encountered and issue where the target servers do not get content updates.  The citrix Windows servers reboot nightly with the golden image configurations but do not receive the latest content updates.  At the same time, aroun

Email Notifications Setup

Good day,

Please does anyone know how to setup email alerts for cloud agents warning (like the notifications on the notification tab on the UI) and outdated agents (which are not the latest release/version). thanks 

Reconnect after endpoint cleanup

Hello,

I'm thinking about using the Endpoint Administration Cleanup tool.

However, I wanted to be sure if an endpoint is mistakenly deleted would shows up again in our tenant (if connected in the next 90 days).

Did anyone has experienced it yet?

Create a IOC without incident

Good morning,

Today I would like to create a block for two malicious files that I found in our environment. I noticed that I can create an IOC to block paths, file names, IPs, etc. I have already created an IOC using a wildcard for the file name: PDF