Citrix PVS servers consuming multiple Cortex XDR licenses

Hi all,

We're having an issue where Citrix PVS servers running Cortex XDR consume a new XDR license every time they reboot. I don't fully know how PVS works, but essentially from what I can gather is upon booting up, it pulls a copy of an image from

Does Pathfinder require an agent to be installed on the endpoint?

No, Pathfinder uses an agentless endpoint analysis service, running its own code on suspicious endpoints to collect information about running processes on the endpoint and determine if the processes are malware or greyware.

Cloudflare logs to Cortex Data Lake

Is it possible to send logs from Cloudflare to Cortex Data Lake? If possible how can i send? Anyone tried something like this before?

Thanks!

How to get the list of alerts/incidents for a particular list of hosts?

Hi,

I need to know how can we get alerts for particular hosts/ a specific group ( Ex: 1000 agents ) in the Cortex XDR console -> Incident Response -> Incidents -> Alerts table. I have tried from filter option but it doesn't work. We can't add all the

CIDR Lookup or Join for IP Enrichment

I would like to use some custom datasets to enrich some of our XQL searches.  It could be our subnets from our IPAM or in this example the ASN information.  I have used lookups and joins in the past to accomplish this in others tools and would like t

Verdict of VT and WildFire

Hello Team,

From XDR console, we wanted to export alerts includes verdict from WildFire and Virus Total which we are not getting.

Can anyone help me with XQL query or other way to get verdict (for e.g. Process: Excel.exe WF Verdict: Benign and VT sco

macOS Big Sur - how to automate full install, eliminate manual approval of system extension files

we are still manually installing Coretex to our Macs on Big Sur, this involves some time and the hope that our human computer builder / imager doesn't forget to manually approve PMD and Traps extensions. 

Is there a method where we can use a script i

Cortex 7.2.0.63060 and 7.5.0.36150 cannot update neither uninstall

Hello

We have 2 machines with Cortex XDR, version 7.2.0.63060 one and version 7.5.0.36150 other

This machines cannot update, and we cannot uninstall cortex in those machines.

We try do this:

cytool protect disable

And then try uninstall, but does,t resolv

Closure of Bulk Alerts

Hello,

Can anyone please suggest on how we can close bulk alerts on XDR. Currently we can only select 100 at a time.

XQL question command line with " to XQL query

Hello dear community, 

is there a way to put the whole command line into the XQL query? As you can see the doublequotes are already set by the command line itself. 

In SQL I know to do it whith extra double quotes ""XYZ"". But how does that work with

Cortex XDR Postman API Collection

Simplify each step of building an API and streamline collaboration so you can create better APIs faster with Postman.

Read Cortex XDR Postman API Collection to learn more on this topic from our experts!

Palo Alto Networks Contributor:

Tiago

A question from the Alert Tuning Operations Webinar: Signing level in a child process

We have a mac-device on which even a reinstalled chrome creates child processes (Google Chrome Helper) that are apparently below the signing level of the parent process. Their signatures seem to be valid. Seems like whitelisting the hash of the initi

Cortex XDR Custom Prevention Profiles

Hi Palo Alto Team and Community!

I am recently working on Custom Prevention Rules on Restriction Profiles on Cortex XDR. 

I understand that I need to create user defined BIOC then attach it to a Restriction Profile for it to be a custom prevention ru

A question from the Alert Tuning Operations Webinar: Alerts & Exclusions

If I right click on an alert and create an exclusion, does that also only exclude the alert for this specific user-name? Which fields does it use exactly? Where can I see these exclusions afterward?

*Note: This question was submitted during our cus