Hi Everyone,
I'm new to Cortex XDR and looking to enhance our network security alerts. I want to create a BIOC rule that triggers an alert whenever a data transfer larger than 100MB occurs between two devices (Local IP to Remote IP). This will help u
...
I want cortex to generate an incident if a specific file(mp4, jpg) is executed. Is there any possibility to do this? How is that?
Hi Team,
We are planning to install the Cortex XDR agent on the DHCP server. How do we set up the proxy (Broker VM) and add comments for the Cortex XDR agent proxy on the DHCP server? Please provide clarification and share the steps.
Hi,
I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection" but from time to time I need to do this on around 50 hosts so this option is not really practical. I wasn't able to find
...
Hi,
Does anyone know if what is stored in this Cortex XDR agent path /opt/traps/download/content can be deleted?
Cortex XDR
Hi ,
It shows half of the Linux systems partially protected even though all the the kernel versions, content update and agent version are compatible .Also no policy changes were made. What could be the problem ?
Hello everybody,
I need to create stacked graph similar to the one on Ingestion dashboard (Daily consumption).
The graph should have DNS query name on X axis and total count on y axis. But at the same time, I need to have the column separated by DNS_
...
Hello,
In some cases, when we try to delete files using hash/path, file deletion fails due to "Access Denied".
What could be the reason for the deletion failure?
I have a number of cases where the tenant equipment is disconnected from our cortex xdr,
There was a tenant change recently and equipment from any of them became disconnected for no apparent reason.
I tried brute force connected but it didn't work.
An
...
Do I have to collect forensic data all the time? it's sufficient to ingest data just after an incident?
*Note: This question was asked during the Cortex XDR Customer Success Webinar: Uncover the Power of Forensics - Part 1
Hello community,
I was wondering if anyone found an efficient query to look for data exfiltration/large file uploads?
I'm looking more from a threat hunting perspective, where I would want to trace one or multiple file being uploaded to a remote dest
...
Hi Team,
We are getting this error while installing XDR on a Windows server - The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502
Can someone pls help to
...
Is there a new Cortex XDR being released soon for compatibility with MacOS Sonoma (14.0). I have a team testing this OS and the current version 8.1.1.2594 isn't compatible.
reaper
on:
block powershell but allow only specific powershell script
