Install XDR agent for unmanaged PC in remote users

hello experts,

we got users who is work from home. no IT support,

looking for a way to install XDR agent for users.

using teamview or anydesk??

any experience to share?

Thanks

SdG

Cortex XDR: create endpoint groups

Good morning,

  maybe someone could help me to find out if there is any option to create several endpoint groups by uploading a file or by other means. From the inventory ->  endpoints -> groups, it seems that it is only possible to create one endp

Rule for Detection Powershell Execution

I created a BIOC to detect running processes in PowerShell and I intend to exclude some processes to avoid showing too many false positives, such as: SenseIR.exe and CompatTelRunner.exe.

Cortex XDR 

How to escape a wildcard (*)

How could you escape a wildcard in a query

For example if i am looking for suspicious LDAP queries like (objectclass=*), i need that to be literal and not match on things like objectclass=example. I have tried many different combinations including ju

Playbook to enrich dataset data into alert context

Hi,

Is anyone able to guide me on how to achieve this perhaps?

I want to ran a task in a playbook that will do a custom query in a dataset and pull information and add it to the alert context data.. is this possible and if so guidelines would be appr

Advanced Authentication Cortex API

Does anybody have any examples of how they have implemented Advanced Auth for the Cortex API

I only have PowerShell available examples using that that would be preferred, but I can probably interpret most scripting languages.

If not examples, maybe lin

Capture the running command in memory

Hello,

Please, I want create XQL query or BIOC to show any running command in memory (fileless_scriptload_cmdline).

Best regards.

Want to use Cortex XDR Agent Cleaner but cant log support as licenses expired

Hi all,

My XDR portal has expired and i want to use/test the Cortex XDR Agent Cleaner as part of my role. Can i access this tool elsewhere, or can i use my support for my other Palo products to request this?

Upgrade 4.X Cortex Tenant

Does anyone know how to upgrade the Cortex tenant from 3.x to 4.x, do I have to talk to Palo Alto or it can be upgraded by myself?

Cortex XDR Blocking Intel process

Hello,
We have noticed a reoccuring issue between our clients, that a intel process is being blocked.
The main cause of it being blocked is IntelGraphicsSoftware.Service.exe with a path something like this - C:\Program Files\WindowsApps\AppUp.IntelArcS

Windows Event Collector vs XDR collector

Hello guru,

it seems both served the same purpose to me. all i would like to ingest the event logs for analystic purpose.

except the configuration nature, like WEC required AD config and XDR collector need an agent installed.

what is the pros and con

Please update MITRE Techniques in BIOC module

Please update MITRE Techniques available in BIOC creation menu for Cortex XDR V3.16

Missing MITRE techniques in BIOC module:

T1204.004 - User Execution: Malicious Copy and Paste - https://attack.mitre.org/techniques/T1204/004/

T1204.005 - User Ex