Hi all, I have a problem with the agent - I have one agent that is not communicating with the xdr server after installation. The host in question had it's agent uninstalled via the xdr server, and then re-installed by the IT team. However now the hos
...
Hey!
I was just wondering if anyone knows of a way to get the total download/upload to show in MB or GB rather than bytes through an XQL queries' output?
XQL Query
dataset = xdr_data // Using the xdr dataset
| filter event_type = ENUM.NETWORK // Filt
Hello,
My question is what are the capabilities of Cortex XDR without endpoint agents and just with PANOS firewall integration? As the Palo Alto firewall can forward its logs to the XDR for extra checks what are the features that XDR can provide
...
Hello
We have 2 machines with Cortex XDR, version 7.2.0.63060 one and version 7.5.0.36150 other
This machines cannot update, and we cannot uninstall cortex in those machines.
We try do this:
cytool protect disable
And then try uninstall, but does,t resolv
...
Hey dear sec community!
is there a way to setup an correlation rule, which can block and not only detect?
I couldn't find a way. I tried the XQL queries from the libary.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investi
...
Reason for Query:
LOLBINs are used quite extensively in attacks, in some cases LOLBINs are renamed and then used to bypass behavior based detection rules. Hence, the query is built to hunt for renamed process execution eg; cmd.exe renamed to xyz.exe a
...
Wanted to share a useful XQL query we have setup as a correlation rule in case anyone else finds it beneficial. This query requires that you have PAN-OS firewall URL logs available within XDR datasets, for example being sent to Cortex Data Lake. The
...
Dear community
When using the Vulnerability Assessment with Linux hosts, the results may include a lot of false positives.
Distributions which are backporting security fixes (CentOS / Debian) do may not change the App Version when they got patched.
htt
...
Can we use a script or command line to install Cortex XDR agent for Mac? Please advise.
we are still manually installing Coretex to our Macs on Big Sur, this involves some time and the hope that our human computer builder / imager doesn't forget to manually approve PMD and Traps extensions.
Is there a method where we can use a script i
...
Hey dear Cortex XDR Admins and Users,
when a KB was not installed in march and replaced with another KB from april like here:
https://administrator.de/forum/windows-server-2012-r2-windows-updates-2627286719.html
Is the best way to exclude the CVE in
...
Hello, we are using Cortex in a Citrix PVS environment.
We installed the agent with the VDI flag on the master vDisk. When we try to generate a scan on the new version of the vDisk, it always stuck on this file:
\\?\GLOBALROOT\Device\HardiskVolume3\S
...
We have several hundred Global Protect users using Auto VPN. It would be nice to
see their global protect logs, ipconfig /all, netstat -rn information before calling them
back on a filed ticket. Can Cortex collect these logs on a regular basis without
...
Hi Community!
Can anyone tell me when PAN will support Cortex XDR Agent on Microsoft Azure Stack HCI Os,
that is based on Windows Server 2019/2022?
https://azure.microsoft.com/en-us/products/azure-stack/hci/#overview
OS is out now for 1,5 years and no
...
I would like to determine how to view the identity of the user who resolved an incident in Cortex XDR. Presently the only artifact available is a "Resolved Timestamp". This however tells you WHEN an incident was resolved not WHO resolved it.
Is there
...
