Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

cannot install cortex on server core 2022

Hi all

i try to install cortex agent 7.8 on server core 2022 but it fails with little explanation

did someone success on it ?

=== Verbose logging started: 21-10-22 10:56:37 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Wind

...

Blocking executions of IOC without showing any alerts

Hello ,

Please help us with the process of blocking of IOC process coming from various campaigns in cortex XDR .

Regards,

Shashank

Resolved! Automatically changing the status of incidents

Hello,

Cortex XDR is changing the status of incidents from Resolved to Under Investigation automatically. Why is this happening?

Named pipe hunting -Cortex XDR Pro

Hello dear community!

Is there a way to hunt for named pipe communication?

BR

Rob

https://svch0st.medium.com/guide-to-named-pipes-and-hunting-for-cobalt-strike-pipes-dc46b2c5f575

How to query for Vulnerability Assessment Data

I would like to query XDR externally for the data stored in the Host Insights > Vulnerability Assessment page.

I looked through all of the available APIs, but none of them seem to have data related to CVEs. I would not be opposed to writing a custom

...

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Hello dear communinty,

we would like to know, if there will be a functionality in the future like applocker or MDAC for whitelisting applications/scripts/etc.. If they are not in out WL, they cannot be executed and we get a information/alert.

T

...

Resolved! Filter incidents on action in Cortex XDR

Hello,

I would like to filter incidents on what kind of actions have been taken. Is this available or should I make a feature request somehow?

Ie. filter on all incidents containing alerts that have prevented as action. Or Filter out any where the

...

Resolved! Cortex XQL incident query

Hello PAN community !!

I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware,etc).

To get the endpointgroup and its endpoints I'm using

datas

...

Cortex XDR: False Positive detection of VulnDetect scripts

Hi,

A number of our customers has complained about our signed PowerShell scripts being flagged and, in some cases, blocked by Cortex XDR.

The scripts in question can be found here:

https://stream.vulndetect.com/e/task.ps1

https://stream.vulndetec

...

Resolved! Linux support for XDR

Hi,

Which Linux distributions does Cortex support?

Host Firewall

Hello Team,

We intend to enable the Host Firewall feature in the Cortex XDR. Please give us a brief overview of how this feature works.

Not able to set Proxy for Windows 2012 servers

Hello ,

We are unable to see few servers in our endpoint list. But the user confirmed it has cortex installed in it and is enabled also particularly For Windows 2012 servers we're not able to set the proxy and for some hosts last seen connected dat

...

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Hi,

Some Agents in Cortex DXR disappears then shows up after few days - no pattern at all

If my understanding is correct, if the Agents are disconnected or there's a connection lost, the Endpoint Status column will dictate it.

But the Agents in q

...

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

PoC Lab: Monitoring Malicious Chrome Extensions

By: @mfakhouri

Executive Summary

With the convenience Chrome extensions provide, such as ad blocking, enhanced web viewing, and improving user experiences, it is no surprise that malicious act

...

Operational status unprotected with error message running without valid content

Related to Cortex XDR

we are observing operational status as unprotected for some endpoints and the error says running without valid content.
But at the same time we also observed some of the agents running on the the latest agent version also having

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

cannot install cortex on server core 2022

Blocking executions of IOC without showing any alerts

Resolved! Automatically changing the status of incidents

Named pipe hunting -Cortex XDR Pro

How to query for Vulnerability Assessment Data

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Resolved! Filter incidents on action in Cortex XDR

Resolved! Cortex XQL incident query

Cortex XDR: False Positive detection of VulnDetect scripts

Resolved! Linux support for XDR

Host Firewall

Not able to set Proxy for Windows 2012 servers

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

Operational status unprotected with error message running without valid content

Rare Login Query Not Working

Help with fine tuning a query using $arguments and enclosing them in "quotes"

Details regarding %PROGRAMDATA%\Cyvera\ folders

How to check powershell version at cortex XDR

Cortex VM Broker SNMP monitoring

[Cortex XDR] Are there any How-To video recordered about Windows Event Collector applet for the broker VM?

Cortex Broker Mapper scans

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Re: Cortex XDR Get Incident API function 'hosts':None

Re: Rare Login Query Not Working

Unlock your full community experience!

Rules and Best Practices

Resolved! Automatically changing the status of incidents

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Resolved! Filter incidents on action in Cortex XDR

Resolved! Cortex XQL incident query

Resolved! Linux support for XDR