Block logs to Data Lake from specific endpoint

Hello,

I have a case where logs are delivered to Data Lake from endpoint were we're unable to uninstall Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it.

Is there any way to block/preven

Stopping Python Execution will affect Cortex XDR py scripts functionality?

Hello dear community!

I want to stop every python prozess with an bioc. 

Will this also affect the script functionality from the Cortex XDR Pro agent?

BR

Rob

Endpoint Operational Status

Currently, our devices are unprotected state and partially protected state due to disk consumption. 

Is the data in the cortex xdr incrementive or does it delete itself after sometime ? 

What is the possible solution for this issue ?

How do we diff

Protection against Hack5 tools incl. USB Rubber Ducky

Hello dear community, 

Has anyone of you expierience with usb rubber ducky and cortex xdr? 

Our supplier couldn't answer this from the beginnen of the poc. (~1Y)

Maybe the collection of a community like you get this question faster answered? 

I wou

XQL query to find endpoints where X application is installed but not Y application

Im needing to find endpoints that have a certain application (Application1) installed but then does not have (Application2) installed

The query below returns results that have either Application1 or Application2

Im downloading the results and then us

AV Operations through XDR

Hello,

1. Please recommend the scanning period and best practices to achieve AV operations through XDR.

2. On what basis does the malware scanning take place. Is it signature based, Hash based etc.

Cortex XDR Overall Security Score Dashboard and Incident Trend Analysis

Hello Team,

Can you kindly assist in a template or guide on how to create a custom dashboard to show the overall company security index based on all incidents and open vulnerabilities created on the Cortex XDR Platform and trends in showing that th

​ Custom scan

Hello,

How to perform a custom scan in Cortex XDR ?

Unprotected & Partially Protected operational status in Linux servers

Hello , 

Noticed in operational status Endpoint whose agent version is not upgraded mentioning status as protected ,unprotected & unprotected , 

After seeing operational status data came across 6 unique issue in servers . 

They are as follows:

1. 
"Xd

Compliance Dashboard

Hello,

We noticed that the new Compliance dashboard has been added in the XDR console, but we don't see any details. What is this dashboard related to and from where it is fetching the data.

Routing traffic towards Broker VM

Hi All,

We have a Broker VM set up in our environment, and we only want the agents to communicate with the tenants through the Broker. However, we are seeing few endpoints talking to the Tenant directly over the internet.
Although "proxy" is specifi

Firewall connect as partially to Cortex Data Lake an no logs

Facing an issue with connection to Cortex Data Lake,

Firewalls are connected to CDL, but are unable to see the logs when the device is on the hub,

looks firewall is sending the logs but can't see them on the explorer page,

In addition, on the HUB, we