Binary file execution error while installating Cortex XDR in amazon linux

Using below user data script in aws ec2 instance i tried to install cortex xdr agent. During this process when i look into the system log i had found an error ./setup.sh: line 731: /opt/traps/bin/cytool: cannot execute binary file. Please let me know

[XDR] Can the Cortex XDR Prevent and Pro licences run side by side on the same platform?

Hello, everyone.
I would like to ask if anyone has used both XDR-Pro and XDR Prevent on the same XDR Tenant? XDR is judged by whether the Agent Profile has XDR-PRO enabled or not, right? Is there any problem with the Licence calculation? Thank you!

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that loo

Changes on an Endpoint and Duplicates

In Cortex XDR, what changes on an endpoint could cause duplicate endpoint instances to appear? 

Example: Host A appears twice, but one instance is connected, the other instance has a connection lost status and is using a different IP address.

Under

HYPER-V AND GLOBAL PROTECT

Good morning, I have a problem with Hyper-V and Global Protect VPN, when using the Global network connection does not work the network in Hyper-V even if I configure the PANGP Virtual Ethernet Adapter, does anyone know what can be done to make it wor

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello,

While doing testing around our security controls, we did intentionally try to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download, however though Palo did alert with multiple threat names starting with "Hac

is it possible ingest data to data lake with unknown vendor devices like cisco,fortinet

Hi Team

we have cortex XDR with pro per TB license. also we have configured syslog receiver in BVM we can see the raw data of cisco and vendor switches as well as routers. what my concern is, does possible to ingest this kind of data to data lake?

Network

Hi Team,

We have a customer he is facing issue with, Sliver Framework Command and Control Traffic Detection - ThreatID 86680.

He is getting below sync error,

URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji 

I have gone through the below art

Sliver Framework Command and Control Traffic Detection - ThreatID 86680

Hi all,

has anyone see this critical threat which is correlated in our environment with google mail?

This event started with content-8770-8365.

I can see that PaloAlto did some changes in Modified Anti-Spyware Signatures in release notes.

It simp

Edit/add an asset in IOT Security without any fields

Good morning,
I would like to know if there is a way to leave a field blank when editing an asset. For example, when I change the information of an asset that has been detected wrongly, it does not allow me to leave the OS Family section blank. Is the

Paloalto case number 02759964

I want to align an engineer for the case raised mentioned in the subject. Please help in doing so asap

Remove asset from iot security

Good morning everyone, I was wondering if there is a way to delete an asset in IOT Security. I think I should have put it that if at some point there was a device that has been detected correctly but for whatever reason has been removed should be abl