How to check your ELA (Enhanced Application Logs)
We enable ELA on our NGFWs, forward logs to SLS, and also ingest the SLS logs into our XDR tenant.
Is there a way to verify in the XDR tenant or SLS that logs have been enriched by ELA?
Hello Everyone,
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets.
Thank you
Hi everyone, I have an issue. Cortex receives data from data sources (endpoints, servers, etc.) but I cannot see alerts and incidents. My dashboard shows 0 alerts and 0 incidents. Who could help me?
Hello,
I have Cortex Pro per GB license and NGFW. I have successfully created certificate and it is showing as valid in XDR console. I have created a profile which is sending logs to Data Lake. I have applied it on many policies. But I cannot get
...
I have a lookup with software names and want to use it to compare against results from xdr_data using the field actor_process_image_path, which is the directory the software is installed in.
What is the maximum file size for hash calculations in both XDR data and Insight Hosts files database? Thanks.
Hey,
I've configured a Prevention Policy Rule to apply on Windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the ol
We have created a disable prevention rule for a few Cortex XDR agent-blocked alerts because they were false-positive.
However, we recently received 2 new alerts with the same fields as the ones for which we created the disable prevention rule.
I only
...
Hi, our Broker VM is shown disconnected on XDR console. The VM is up and running and I can connect to it via SSH. It can connect to the paloaltonetworks.com domain as I can see the traffic on firewall. Version is 25.0.44. Even the last seen is today,
...
Hello
Is there a cheat sheet comparing the Ransomware Protection Mode "Aggressive mode" vs "Normal"? I have no idea of the key differences between "Aggressive" and "Normal" mode. I need that cheat sheet for my report. Can anybody provide it, or do Pal
...
Hi,
I encountered a situation where we see "Unsupported Platform" in the CVE column unexpectedly for macOS endpoints in Vulnerability Assessment in Cortex XDR. Does anyone know why this might have happened? Or what the reason is and how to fix it?
C
...
Hey dear community,
do I have the chance to elevate an alert to an incident? I already tried to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID.
I thought this was possible in the past, but
...
Hello everyone,
I have an incident and when I open the related logs, it is showing a large upload. I can see a bunch of logs which indicate that someone has uploaded a 53 MB file to Amazon or OneDrive. I saw the destination host as ........amazon.com and i
...
I want to install Cortex XDR on Win 7 and Win 8 systems, and as per my knowledge we can only install the 7.9 CE version of the agent.
From where can I download it? It's not showing in the Agent Installations --> Create agent installation option. Need urgent help
...
We are experiencing a few BSOD events when auto-upgrade pushes new agents.
Anecdotally, it only seems to happen to a small number of machines, well below 1% of the total XDR estate; however, this is anecdotal and I keep getting challenged that "only