distributed network scan - Network Location Configuration - XDR Agent profile

Hello everyone,

Under the prevention profiles XDR agent has the capability to scan your network and find assets not onboarded using ping or nmap.
This setting also requires that you enable network location configuration.

This is from the docs:

"When

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website,and there was a problem

Where is agent v8.5???

Hello all experts,

From Agent Release below, v8.5 supposed to be released by 30Jun2024. 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases

However, 8.5 was not shown from the pull down menu wh

How can I see the device control violations logs from XQL?

Good afternoon,

Is there a way to see the logs that are generated in Device control Violations?

I know that using preset = device_control in XQL we can see devices but this preset does not give me all the data that appears in the Violations section..

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR 

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully.

The XDR agent communicates through the broker VM, and their communication is also

Cortex XDR CE version

How to know if Cortex XDR version is CE.

Will it show on the table when I go to Endpoints ----> All Endpoints and on the Agent Version Field it should have for example 7.9.102CE, if it shows 7.9.102 only then it is a standard version? 

Thank you.

Cortex XDR DNS Collectors

Hi community,

I have a query regarding Cortex XDR collectors. When installing collectors on the local DOM servers, what types of logs does the Cortex XDR console retrieve? How can these logs help with the investigation of incidents?

Move Cortex XDR agent from one tenant to another (and back)

When we move an agent to a new management server, what would happen to the logs and telemetries we have on the old tenant? Would they be retained as per the usual policy or would they just get purged?

Also if we then move it back to the old tenant,

Notification via Mail - Improvement

Hello! 

Changes are coming with 3.11, but for improvement put this information directly into mail:

• Source
• Category
• Action
• Host
• Username
• Starred Alert
• Excluded Alert
• Alert ID
• Incident ID
• actor_process_image_path
• actor_process_image_name
• actor_process_command

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel.. First time posting so I am sure I missed it. 

I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We a

Upgrade agent failed

I have encountered the following issue of failed agent upgrade on a Windows laptop, showing the following message:

XDR Agent failed to upgrade from version 8.4.0.51691 to version 8.5.0.624 on LAPTOP-xxxxxxx with error: Windows Installer DB: Current

BIOC RULE Creation - Workstation IP changed

Hi,

How we can monitor the scenario like,  when a cortex connected workstation's IP address change?

Whether it is possible to create a rule/bioc in cortex xdr for monitoring the above mentioned scenario ?

Cortex XDR Cortex Data Lake 

Thanks

Chr

GPU passthrough in VM (hyper-v) gets roll back automatically

I am using Hyper-v VM's on windows 2019 server 

After automatic deployment (not managed by me) of Cortex XDR agent version 8.4.0 on that server 

Assigning GPU's from host to the VM's getting roll back automatically within seconds in front of my eye