CIE Data Sync Alert Across Customers – XDR Console

Hi Team,

We are experiencing the same issue across all customers on the date 10-07-2025. In the XDR Management Console, we are seeing a notification stating that the CIE data is not synced.

However, we have verified the following:

• The Palo Alto Hub

Parsing and Mapping 3rd party log source logs

Hi,

We’re in the process of ingesting logs from multiple third-party systems into Cortex XDR, but the current documentation on user-defined parsing rules and dataset mapping isn’t clear enough. Is it possible to get a detailed step-by step plan on

Cortex scan report

Hello all,

I am a new user of Cortex XDR and I noticed that upon scanning a host, the malicious files identified by the scan are so difficult to find. I was expecting a proper scan report, where I can actually see the name and path of the identifie

XQL Query Assets XSOAR

Hi everyone,
I need your help.
I'm trying to create a CMDB using a playbook in Cortex XSOAR  , pulling data from the Cortex XDR tab Asset Inventory (XDR-managed devices as well as others collected via mappers and IoT firewalls).

My idea is collect all a

Adding exception for weekend

Hey guys, I’m looking to exclude some detections that occurred over the weekends and could use a hand with crafting that query.

Cortex XDR to block specific powershell script

Hello Team,

I have a script that I would like to block across the entire estate.
Is there a way to achieve this in Cortex?

Thank you.

Detect user who moved a folder using XDR and XQL

Hi everyone,

I need help identifying which user moved a specific folder from a network share to another location. The only information I currently have is:

• The old folder path (e.g., \\server\share\oldfolder)
• The new folder path (e.g., \\server\users\

Cortex XDR "The target location already contains a file named" problem

Hi, 

I have a problem after installing the XDR Cortex agent.

Windows 10,11. When trying to copy any file to the network share (Synology), which was created on the workstation after the agent installation, I receive the message "The destination alread

Full disk access requirement on macos agent

Hi team

A couple of questions here:

1) Is full disk access required for agents running on macOS Sonoma and Sequoia?

2) What is the meaning of "Requires full disk access: False" in the "cytool status" output? (screenshot attached)
The endpoint we

HELP With XQL Query to fetch All Assets

Hello Everyone, 
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets. 

Thank you 

Cortex XDR