Hello,
I want to block blueotooth activities on endpoints in Cortex XDR. Is there any way or rule to do this? If yes, can you write rule?
Thanks in advance.
Hello everybody.
If you have any doubts about the community's help story, my Cortex agent is installed on my Windows servers but often consumes a lot of CPU and memory resources from my VMs, this ends up creating many alerts in my monitoring, I would
Hi community
Quite often we have issues with cortex xdr on citrix infrastructure. Currently meinly with windows server 2022 we are in the situation where it is not possible to run cortex at all because of possibel servercrashes which are not yet anal
...
hey guys, i'm not clear how to block the running (installing) of certain software using XDR by restricting by digital signer.
Is it possible to cerate a BIOC and apply to a restricted profile? If not, what would you say is the best way to go about th
Hello,
I would like to know if any of you have struggled with support and technical cases with the need I show below.
I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Proces
Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations?
For example, if we have 2 dozen policies and there's a new
...
Hey dear community,
do I have the chance to elevate a alert to an incident? I tried allready to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID.
I thought this was possible in the past, but
...
Hi,
Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?
I've a lot devices with Cortex XDR and my objective is force IT guys, update vulnerable drivers etc.
We are receiving multiple alerts from the rule below. All alerts are legitimate Microsoft IPs:
Abnormal Recurring Communications to a Rare IP
Could there have been any recent changes on the Cortex end that might be triggering this?
Cortex XDR
Over the past two weeks we have been seeing detections/blocks from the following rule "Behavioral threat detected (rule: bioc.sync.critical_termination)" for known good files 7z2301-x64.exe (7-zip install) and PhotosService.exe (part of built-in Wind
...
Hi everyone,
Does anyone know of or have an automation to periodically check if all devices in the company have the Cortex XDR Agent installed
I currently use Mapper, but my network is large, with over 35k devices (including computers, printers, a
...
Wondering if there are plans to help build queries? Something as simple as looking for a file called "testfile" requires the query with the below code:
|preset = xdr_file
|filter action_file_name contains "testfile"
Another example that we are current
...
There's many situations where it would be convenient to receive a notification when a device is online. We often run into this when a device is isolated and we are unable to contact a user. Since there is no native ability to trigger an alert or n
...
Hi,
I have downloaded Broker VM OVA file and installed it on my VMvare. I just wonder about with the following issues. As you know Broker has two IP one for public and one for private.
In this part, if i go static, will I be configuring internal o
...
With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.
Is there an roadmap for considera
reaper
on:
NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificates expiration
