Cortex XDR 8.2.0 and 8.2.1 Threat Alerts QRadar DSM Not Mapping in QRadar

We have Cortex XDR 8.2.0 and 8.2.1 agents (with plans to upgrade to 8.3.0) and the threat alert logs sent to QRadar are no longer categorized properly.  The events are categorized by QRadar as "unknown".  Are there any plans to update the DSM Cortex

Issue with Cortex XDR Windows Portable Device Policy Not Working

Hi community,

We have assigned the Windows Portable Device block policy to some endpoints. However, we have observed that USBs are still accessible on those machines.

For future troubleshooting, we need to verify whether the policy is correctly a

XQL newbie

Hello everyone.

We recently upgraded to Pro and this XQL stuff looks like an entirely different language to me still. I need some help if possible in getting started.

I'm looking to build two queries.

1) I need to go through our AD infrastructure (

Unconventional GP upgrade through XDR action script - works, but could use optimization.

I have a script to silently upgrade GlobalProtect clients to 6.2.2 using an msi, while avoiding disconnecting active users and reboots.  It's simple and it works, but I looking to improve it by having successful upgrade status or reason for failure r

cyvrlpc.sys caused BSODs on Windows 10 after update

Hi all, 

some of the users reported a BSOD after updating their Win10 endpoints. I'm thinking this might be due to the incompatibility between the driver and newest OS updates or something similar (looking into the stop code). 
 
Stop code: DRIVER_IRQL_

Cortex XDR missing powershell logging

I'm doing some Powershell detection testing and I noticed that when I open the Powershell GUI in windows and run a command below it doesn't trigger a Powershell detection.  However, when I add powershell in front of the command it does trigger an eve

Slow Dashboard in Cortex XDR Version 3.9

Hi Community! Our Tenant was recently updated to XDR version 3.9 and since then the main dashboard seems to be much slower and unresponsive. Anyone else in the community experiencing this? I have been testing using Edge and chrome the quick launcher

Downloaded tar file contains a broken cortex.conf with deb-package

I've now finally sucessfully installed Cortex XDR in an Ubuntu-22.04 image in WSL2 in Windows 11.

However the provided cortex.conf file in the tar-file is missing a newline on the last line of the file, making it not work properly.

Editing the file a

XQL Query - Machine Custom Reports

Hello,

good afternoon.

I currently have a few machines and xDR installed on them.

I need to make a weekly report with the information of the machines and the scan previously configured.

Currently, what I have configured using XQL Query:

-> Checks i

Can we run the XDR on separate port apart from 443?

Hello All,

For 1 server we are facing the compatibility issue as the port 443 is required to upload some data for business purpose and that port is also required for the communication of Cortex agent with cortex server.

Can we use some other port