Resolved! BIOC - Powershell Script Based Alert Detection

We know that Cortex has the ability to use AMSI but is any one able to achieve a BIOC rule which can trigger an alert for the content inside the script.

Lets say if a Powershell script which is being run has certain parameters in the body such as "re

Resolved! Incorporating NGFW and Active Directory information into the management console

We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it

Resolved! Is there any way to rollback on a content update to test something?

I was wondering if it was a possibility to rollback on a previous version of the content update just to test something?

Anybody knows if that's doable?

Resolved! Friendly Script Execution on multiple Hosts at the same time

Hello dear Community, 

is Cortex XDR Pro able to fire a script on all or on some hosts with one klick?

I know and worked with the live terminal, but how can we perform scripts for multiple workstations/Servers/Notebooks? 

BR

Rob

Resolved! XQL Filter out specific combination

Hello

i am trying to create XQL filter to filter out all known connections, so it only returns me connections that should not happen.

So i create separate line for each of those knows connections, like:

filter (action_local_ip != "10.130.130.34" and act

Resolved! Enabling MFA in support portal

Hi,

I want to enable MFA in my account to access support and XDR account.
But I am unable to setup.

Can anyone help to solve it?

Resolved! Process Hunting - Powershell + WGET typing manualy

Hello dear community, 

is there a way to hunt for a manually started powershell.exe where a attacker started wget. 

In this case I opened cmd and typed this CMD in. Cortex XDR recognized it. 

But when I manualy open powershell and type in manualy wg