Team, Please let me know whether we have an option to block in-built SD Card Readers in MAC Machines.
Thanks!
Hello,
We have multiple tags assigned to hosts as part of EC2 instances. Is there a way we can reflect those tags in the XDR console.
Thanks !
Hello, Is there a way to get data that is there on the host and then populate it on the XDR . eg. get tags available on the host and then automatically populate it in the XDR console?
Dear All,
I configured some tags while the installation of the the agent on the workstations, they have the logo attached.
But I need now to change some tags or remove them using Cortex XDR management console.
I tried Manage Endpoint Tags (paloalt
...
Hi All,
Can anyone let me know how to check the content update version at the endpoint level?
It is not visible in the agent console.
Can I make use of Cytool? If yes, what is the command to check?
Thanks!
Cortex XDR
Hello, Is there a way to get data that is there on the host and then populate it on the XDR . eg. get tags available on the host and then automatically populate it in the XDR console?
Dear all,
I want to create a widget which contains the incidents by severity but I need to add a filter by tags.
Can I have an example of the XQL query.
Best regards,
Hello,
Is there a way to create a connector between cortex console and AWS portal that can fetch EC2 information as soon as the agent comes online and then populate the data received by this connector into the XDR.
Thanks !
Hello dear Community,
Does the Cortex XDR Agent work in Windows Safe Mode?
https://attack.mitre.org/techniques/T1562/009/
BR
Rob
Does anyone know the Cortex XDR Auto update mechanism?
I recently found that some agents failed to update automatically. The failed content included content update and agent update. The console log did not give the reason for the failure. What are the
Hi community,
Wondering if anyone else is seeing BT alerts for sdiagnhost.exe appearing over the last 24 hours? We have had similar things occur in the past due to over excited signature updates cause false positives.
This process is one that MSDT
...
Hello dear community,
you know how to handle this svchost.exe without signature? In my opinion it is FP, but why?
Isn't it possible for the cortex agent to read the signature from svchost.exe in this case?
I tweaked the alert and gave it m
...
Hello dear community,
in my mount tests I could find out following:
- if you mount the same file name 2 times with different file data inside the iso, the alert isn't created because the file isn't beeing created. I think the recent folder is no
...
Hello dear community,
how can I find out with Cortex XDR PRO (non per TB, non connected Firewall, etc.), which data was uploaded in this example? Has anyone an idea or script to do so?
BR
Rob
Hello dear community,
what is the best way to setup a query for bioc to get an alert. Maybe correlation rule is a better place for my project?
It should alert, when a XLL File was written or read or deleted.
Should I setup a specific file location
...
