Hostfirewall Status Report

Hi Team,

I am trying to fetch some report from Cortex XDR console. I would like to know how many endpoints has host firewall rule applied. How many endpoints still running with Windows firewall. Is there any script available to check.

We are experiencing a problem, data may not be up to date. Please try again in a few minutes.

Hello All,

I've been seeing the following message on our Cortex XDR Dashboard for the past few days:

"We are experiencing a problem, data may not be up to date. Please try again in a few minutes."

There's also a link to Download support file inc

XDR Allow-Listing signed processes

We have internally developed scripts that we would like to create XDR exclusions or alert level reduction for based on if they contain code signing certificates.  I don't know how to go about doing this or if it's even possible.

The idea here is to

Causality Chain

Hello,

Can you please explain the difference between the causality chain of the 2 attached photos?
What exactly are the executions?

Block Execution of Specific Applications Regard of version

Hi,

We want to enforce the use of only the approved version of AnyDesk (9.6.5.0 and above) on all Windows endpoints and completely prevent execution of any older versions of anydesk.exe.

Is there a clean and maintainable way to achieve this using C

Unable to download a from from an endpoint - File size limit exceeded

Hello Cortex geeks,

I have a problem with a large file on an endpoint. This file is relatively large (1.1GB), has no VT ranking as it's too large for it obviously, and Cortex alerted about it because of signature forgery. I want to download and exami

Upgrade 4.X Cortex Tenant

Does anyone know how to upgrade the Cortex tenant from 3.x to 4.x, do I have to talk to Palo Alto or it can be upgraded by myself?

Cortex XDR automation

is there any way to make the automation rule priority one? i don't have any other  rule 

XDR as "SIEM" (challenge for discussion)

I wanted to leave a challenge here for discussion in the group.

Why not use XDR as if it were a SIEM, in order to analyze more events with better accuracy, and to create more correlation and data enrichment?

I’m referring to an environment with:
XDR, X

Process injection into lsass

We received an alert indicating creation of a remote thread in the lsass process by the Cortex XDR agent (cyserver.exe).

I noticed that during the same time period, there were a few other processes that got injected by the agent (e.g. explorer, svcho

How to find the assets that do not have XDR agent installed in new Cortex 4.x version ?

Hi,

earlier in the old Cortex 3.x version, it was easier to list out the assets that do not have Cortex XDR agent installed, from Asset Inventory (from the boolean value : Has_XDR_Agent as shown in the attachment).

Is this feature removed from the ne

Cortex Data Lake - Windows 11 Build & Enablement(?) Info

Windows 11 (and 10 presumably) has a series of numbers which, together, identify the build and patch level of the OS.  This would be a combination of Version: Windows 11 and/or Build Number: 10.0.22631.  The Patch Level (or Enablement Level) is shown