Broker VM questions - Tenant switch for agent

Hello 

Please share any experience or advice for below situation and how best to approach this .

Currently agents are connected to UK Cortex XDR  tenant via a Broker VM installed on premise . Now the need is to use EU Cortex XDR tenant ,this will

Security Test / poor result

Hello dear Community! 

Does this result reflect the strenght of PA Cortex XDR?

https://papers.vx-underground.org/papers/Malware%20Defense/AV%20Tech/An%20Empirical%20Assessment%20of%20Endpoint%20Security%20Systems%20Against%20Advanced%20Persistent%2

Correlation Rule for services

Is it possible to create a correlation rule to identify when new services are present on an endpoint

For example,

Create a correlation rule ,using a query that returns all services on an endpoint, that creates a new data set of the results..say there a

Cortex XDR with Citrix App Layering and MCS

We're in the process of installing a new setup with Citrix App Layering (Full User layers) and MCS. I've followed the suggestions here on non-persistent installation (VDI_ENABLED=1); even though our setup technically is sort of persistent (because of

Endpoint Connection Lost

Hi all,

Some of our endpoints in our Cortex XDR Console shows  a "Connection Lost" Status but the endpoint is still active.

The cytray shows disabled and no connection. We also checked the control panel and upon checking, The installed Cortex XDR Agen

Cortex XDR disk encryption

Hello,

I can't turn off disk encryption. I disabled the disk encryption policy for an endpoint, then the encryption status returned as not configured. But I can still see bitlocker on the endpoint is ON. How can I turn off bitlocker on endoint not ma

Citrix PVS servers consuming multiple Cortex XDR licenses

Hi all,

We're having an issue where Citrix PVS servers running Cortex XDR consume a new XDR license every time they reboot. I don't fully know how PVS works, but essentially from what I can gather is upon booting up, it pulls a copy of an image from

Does Pathfinder require an agent to be installed on the endpoint?

No, Pathfinder uses an agentless endpoint analysis service, running its own code on suspicious endpoints to collect information about running processes on the endpoint and determine if the processes are malware or greyware.

Cloudflare logs to Cortex Data Lake

Is it possible to send logs from Cloudflare to Cortex Data Lake? If possible how can i send? Anyone tried something like this before?

Thanks!