Query Share: XDR/PAN-OS URL Category Stitched Correlation Alert

Wanted to share a useful XQL query we have setup as a correlation rule in case anyone else finds it beneficial. This query requires that you have PAN-OS firewall URL logs available within XDR datasets, for example being sent to Cortex Data Lake. The

Install Cortex XDR agent for Mac using shell script

Can we use a script or command line to install Cortex XDR agent for Mac? Please advise. 

Scan stuck on \\?\GLOBALROOT\Device\HardiskVolume3\System Volume Information\tracking.log

Hello, we are using Cortex in a Citrix PVS environment.

We installed the agent with the VDI flag on the master vDisk. When we try to generate a scan on the new version of the vDisk, it always stuck on this file: 

 \\?\GLOBALROOT\Device\HardiskVolume3\S

Support for Azure Stack HCI OS

Hi Community!

Can anyone tell me when PAN will support Cortex XDR Agent on Microsoft Azure Stack HCI Os,

that is based on Windows Server 2019/2022?

https://azure.microsoft.com/en-us/products/azure-stack/hci/#overview

OS is out now for 1,5 years and no

Determining WHO Resolved An Incident In Cortex XDR

I would like to determine how to view the identity of the user who resolved an incident in Cortex XDR. Presently the only artifact available is a "Resolved Timestamp". This however tells you WHEN an incident was resolved not WHO resolved it.

Is there

How to Activate Cortex XDR

Hi all, 

Can you please guide me that how to activate Cortex XDR tenant account?

Thanks in advance!

Really appreciate the help.

Removable Media Extension Profile

I wanted to get everyone else's 2 cents here and see how other people are doing it. My goal here is to prevent writing data to unapproved removeable media but allow reading. I created an device configuration extension profile with disk drives set as

Alert for each time a usb device is plugged

Hello,

Is there any way to set up an alert for each time a USB device is plugged into a host?
Even if it's not malicious.

How to make console accessible to domain user?

Hello!

I'm new around here and I have a question.

How to make Cortex XDR console to be accessible only to domain users?

So only users connected to the domain network can access the Cortex XDR Console.

It'd be very helpful if you provide related document

Cortex XDR has Blocked a Malicious Activity but No Program Listed

Attached images show the pop-up that is going around our network this morning.  Unlike before where it would list the program Cortex blocks there is nothing there and is pointing at Microsoft for the cause.

Is this a false positive?  A windows servic

Http logs collector example not working

Hi
hope this is the right place to ask this question
We were given a temp user to play around with the Cortex XDR and we are trying to insert some dummy data into it.

I am trying to insert data using an Http logs collector, following this guide
unfortuna

Analytics BIOC Rules - Causality Change - No. of alerts rising, but where to see who, why and what?

Hello Admins, 

We use Analytics BIOC Rules. But where is the Causality Change? No of alerts rising, but where to see who, why and what?

Thank you! 

BR

Rob