linux agent change or remove without password - bug ??

Hi,

i've uninstall password setup for all devices on tenant, but on linux machines, it's possible stop services or uninstall agent without password.

anyone knows why??

XDR 4 - Integrations AD Query

Hi everyone, on Cortex XDR 4 ,we can build small playbooks, and one of the available actions is AD Query.
My question is: what is required to configure this integration?

I see that the integration asks for the IP address, domain user, and other parame

identify for MS Office processes that write an executable file with BIOC or XQL

Hi,

Please, I want to identify for MS Office processes that write an executable file(s) with BIOC or XQL.

Best regards.

Cortex XDR Broker VM content cashing verification

Dear All,

I have added the self signed certificate (certificate generated in linux and verified by AD) in broker VM, I did not receive any error, but need to verify if the content cashing is working properly?

How can I verify if the content cashing

Advanced Authentication Cortex API

Does anybody have any examples of how they have implemented Advanced Auth for the Cortex API

I only have PowerShell available examples using that that would be preferred, but I can probably interpret most scripting languages.

If not examples, maybe lin

Cortex cloud architecture diagram

Can someone please help me with a detailed architecture diagram of cortex cloud as we have in Prisma cloud solution stack.

#cortexcloud

Playbook to enrich dataset data into alert context

Hi,

Is anyone able to guide me on how to achieve this perhaps?

I want to ran a task in a playbook that will do a custom query in a dataset and pull information and add it to the alert context data.. is this possible and if so guidelines would be appr

Cortex XDR – Unable to Assign Read/Write Permissions for Mobile Device (Detected as CD-ROM) in Permanent Exceptions

I am working on a Cortex XDR Device Control configuration and I need to allow a specific mobile device only for file transfer from the endpoint to the device, but I do not want to allow any data transfer from the mobile device back to the endpoint.

Windows Event Collector vs XDR collector

Hello guru,

it seems both served the same purpose to me. all i would like to ingest the event logs for analystic purpose.

except the configuration nature, like WEC required AD config and XDR collector need an agent installed.

what is the pros and con

Cortex XDR: create endpoint groups

Good morning,

  maybe someone could help me to find out if there is any option to create several endpoint groups by uploading a file or by other means. From the inventory ->  endpoints -> groups, it seems that it is only possible to create one endp

Want to use Cortex XDR Agent Cleaner but cant log support as licenses expired

Hi all,

My XDR portal has expired and i want to use/test the Cortex XDR Agent Cleaner as part of my role. Can i access this tool elsewhere, or can i use my support for my other Palo products to request this?

Install XDR agent for unmanaged PC in remote users

hello experts,

we got users who is work from home. no IT support,

looking for a way to install XDR agent for users.

using teamview or anydesk??

any experience to share?

Thanks

SdG

Restrict traffic to public IP addresses with Cortex

I have dual homed systems with one of the IP addresses being publicly routable due to a cellular connection. My goal is to use Cortex to block traffic destined to those public IPs. An XQL query has been constructed to match traffic I would like to bl