-
XDR agent install rolls back
Hi all,Has anyone ever had it where an agent will lose connectivity with the management console and will not r...
04-29-2020 Posted by CraigV1233 Replies0 Likes1410 Views
-
Duplicate endpoint
Hello, I regularly reinstall my endpoints. This creates duplicates for me and it's difficult to locate all the...
11-30-2020 Posted by Besnard2 Replies0 Likes108 Views
-
SaaS Log Collection
Can't find SaaS Log Collection to start ingesting external logs into Cortex XDR.All the documentations state: ...
11-24-2020 Posted by DJohnson841 Replies0 Likes132 Views
-
Web filtering in Cortex?
Hello,We have just recently implemented Cortex XDR for endpoint protection and have a question about web filte...
10-21-2020 Posted by bsuprai1 Replies1 Likes404 Views
-
GoToMeeting Whitelist
Does anyone know how to whitelist the GoToMeeting download?It is an EXE but the client agent blocks it. When I...
11-24-2020 Posted by BillStrahan1 Replies0 Likes106 Views
-
Best way to exclude legitimate behaviours
When it comes to excluding legitimate behaviours from BIOC rules, as far as I can see, there are 3 options:Mod...
09-25-2020 Posted by BenHooper2 Replies0 Likes482 Views
-
Behavioral threat detected (rule: bioc.syscall.remote banker...
Hi Guys,In the Cortex XDR, we are getting an alert indicatingBehavioral threat detected (rule: bioc.syscall.re...
11-08-2020 Posted by EricAghasian3 Replies1 Likes303 Views
-
Client groups in Cortex XDR
Hello,We are an existing Palo customer and we are moving to Cortex XDR for our Antivirus solution. In our curr...
11-20-2020 Posted by AndrewBowden041 Replies0 Likes135 Views
-
Cortex XDR Alert Dump File Analysis
Is there a way we can analysis the dump file when a behavior based alert is generated for an incident? We woul...
11-23-2020 Posted by KanwarSingh010 Replies0 Likes85 Views
-
What the different of alert sources and definition of its.
XDR Analytics BIOCXDR BIOCPAN NGFWXDR IOCXDR AnalyticsXDR Managed Threat HuntingXDR Agent
09-21-2020 Posted by Komdet2 Replies0 Likes711 Views
-
Cortex XDR Exclusions vs Exceptions
Hello all,Exclusions versus Exceptions, why is excluding an alert so much easier than creating an exception wh...
08-27-2020 Posted by JimWaZ2 Replies1 Likes794 Views
-
Cortex XDR agent installed on Windows 10 20h?
Hi Community,Does Cortex XDR support to be installed on Windows 10 20h2?Thanks!
11-15-2020 Posted by Tommy_Hsu2 Replies0 Likes232 Views
-
Unable to upgrade Traps from 5.0.x to XDR 7.2
Hi Community,I am unable to upgrade the Traps agent from v5.0.x to 7.2 using the rule from XDR console. I have...
11-10-2020 Posted by Abdul_Razaq1 Replies0 Likes188 Views
-
C:\ProgramData\Cyvera\Prevention folder piling up after inst...
Hi Team,After installing cortex XDR, I can seeC:\ProgramData\Cyvera\Prevention folder is getting filled up fas...
11-08-2020 Posted by Abdul_Razaq1 Replies0 Likes217 Views
-
Powershell script for XDR agent removal?
Would anyone happen to have an example of a powershell script that'll assist in removing the XDR agent? Thanks...
09-18-2020 Posted by CraigV1232 Replies0 Likes685 Views
-
Alert/Incident handling process template
Hi All,Does any one have a sample template or document for Cortex alert /incident managment procedure.RegardsA...
11-18-2020 Posted by AsifSid0 Replies0 Likes88 Views
-
'Kernel Privilege Escalation' generated by XDR Agent detecte...
Hi AllWe are receiving large number of alerts in our cortex xdr console, The alert is as below, (hostname and ...
11-17-2020 Posted by AsifSid0 Replies0 Likes115 Views
-
Feature Request – Add ability to capture memory dump
During a recent investigation our team came across a situation where we needed to take a forensic image of a d...
11-16-2020 Posted by lmschander0 Replies1 Likes125 Views
-
Send Mitre ATT&CK information via Syslog
Hello Friends,Does anyone knows how can we send the Mitre ATT&CK information/reference from Cortex XDR Ale...
11-16-2020 Posted by RPassos1230 Replies0 Likes143 Views
-
Cortex XDR agent Consuming full resource while scanning
Hi All,Cortex XDR agent consuming my full resource while scanning. Did anyone face this kind of issue?I am usi...
10-15-2020 Posted by CyberEye1 Replies0 Likes314 Views
-
Conflicts with Third Party Encryption Application
It appears that Cortex XDR does not play well with the existing encryption product we use. There is no indicat...
09-26-2020 Posted by EddieRowe1 Replies0 Likes390 Views
-
Demisto : How to display List of Messages
Hi Team, I am usingcreate_incident API to create incidents. Below is the sample code. I can create an incident...
10-22-2020 Posted by JSannake0 Replies0 Likes259 Views
-
Bitlocker Encryption Status Only
I was reading about the new Bitlocker functionality in the new release. We have Bitlocker already deployed in ...
04-22-2020 Posted by hhiggins8 Replies0 Likes2450 Views
-
Grok Filter for Syslog entries
Does anyone have a Grok filter compatible with Cortex XDR syslog entries?I'm piping Cortex XDR syslog into log...
10-11-2020 Posted by sam_miller5 Replies0 Likes612 Views
-
Updating Cortex Agent 7.2 fails
Good morning,I'm running into issues trying to update the cortex agent on some of our physical machines runnin...
10-02-2020 Posted by DJohnson842 Replies0 Likes558 Views
-
How to check receive log from fortigateVM64 on VM broker sy...
How to check receive log from fortigate VM64 on VM broker syslog collector?I setup log fortigate VM64 pattern ...
10-12-2020 Posted by Poobes0 Replies0 Likes277 Views
-
Cortex XDR Prevent Did Not Detect ncat
Hello I am new to Cortex XDR. I tried ncat on a PC with Cortex XDR Prevent (with Windows Defender) and it did ...
08-22-2020 Posted by tech_noob8 Replies1 Likes1722 Views
-
Server certificate for host is not allowed
hi,I have this message on more windows server 2019(vmware environnement), after install cortex 7.1:Server cert...
10-01-2020 Posted by WilliamFoisseau2 Replies0 Likes683 Views
-
Endpoint shown as 'Connection Lost' - cannot reach
I have a user (my boss) who is one of several endpoints with a status of 'Connection Lost'. I'm not actually a...
09-29-2020 Posted by TimGowen2 Replies0 Likes677 Views
-
.zip files Cortex XDR PRO
Hi community,Can cortex detect and analyze .zip files with password and delivered via email?
09-29-2020 Posted by marcelocampos0 Replies0 Likes384 Views
