Hello,
I know that when we buy cortex xdr prevent and pro per GB license, it comes with default data lake. But we cannot access this data lake from HUBs as we did in the past.
And, I know that we can but Data Lake for Prisma and IOTs. But I won
...
Dear community,
I'm trying to generate the USB plug-in statistic to build case around it. Hence the following 2 XQL queries were built. The only issue is I'm not sure which one is the more accurate data as i found both results are not even close.
Do
Hello Community!
Situation: We are seeing XDR incidents where NGFW detects something trying to reach out to malicious websites. This is automatically mitigated by dropping the connection on both ends, as it should. However, it seems this results in
Some endpoints shows "Agent is not running due to disk space" and "Agent running without any valid content" in Operational Status Data. What could be the possible reasons and how to troubleshoot?
Hello i'm trying to do query for the specific fields in the datasets, im trying to do regextract to filter out some specific value in the fields then i use alter to move it to the new fields. But the problem is the value of the fields that im trying
...
Hello,
I have a file and when I run it, Cortex XDR blocks it and shows me some information:
"""
Application information:
Application name: Windows Explorer
Application version: 10.0.22621.3007
Application publisher: Microsoft Corporation
Process ID:
Cortex XDR
Dear all,
Does anyone know the log source for action_evtlog_provider_name = "var/log/wtmp"? As I know, wtmp is last log as follow:
However, I find that the result is not only wtmp log but also secure successful log in cortex XDR:
So
...
Hi ,
we need change hostname on Golden Image VDI , it's necessary reinstall agent Cortex XDR or exist some command to update this?
I want to create an alert and to do this, my understanding is to create a XQL query in the Correlations, to create the alert. I then can use the Automation to create the Email and text alert.
My struggle is I'm not that good with creating XQL stuff.
...
Hi Community,
We have a question: Is it possible to block NFC in Cortex XDR? We have already checked the Cortex XDR documents, but they do not mention anything related to NFC. Could you kindly share your feedback on this matter?
Hi
I want to use or operator in XQL regextraxt but the following command does not work. Can you help us.
Thank you.
|alter etki=regextract(message ,"Etki\sAlanı\sAdı\:\s+([^\n\r]+) | Domain\sName\:\s+([^\n\r]+)")
Hi All:
We found that the Alert notification sent by XDR was delayed in delivery.
It often took over a minute to arrive, and on one occasion it took over forty minutes for our log server to receive it.
Does anyone know how to improve this issue, or i
Hi All,
We have configured periodic endpoint scanning in all the malware profiles in our infrastructure. We needed to get the scanning report, or at the very least, the scan's status, such as how many systems got scanned or failed. How and where ca
...
Hello All,
Whenever the user is connecting any device in the system which is not allowed, we get the logs in the device control violation regarding that device.
In such case, what changes are required-
a) Allow the device through device permanent
...
Hi All,
can you help for information i need
attach the picture.
what are the meaning thread id tunneling:secshow.net ?
thanks
