Test Custom BIOC Rules

Hi Expert,

Please help me to create custom BIOC rules for the testing.

My company want to create rules bioc informational if We create/delete spesific file in spesific folder, and the information will appears in incidents.

Is it possible? 

If is it poss

Deleting Connection lost endpoints in Cortex XDR

Hi,

I want to know if I delete the connection lost system, will it delete the XDR agent installed on that system as well? Or the agent will still remain there?

Regards

Connecting an VM Broker to an offline endpoint

Hello everyone,

Do excuse me for my rather lack of experience. I was wondering if there was any way for me to connect a VM broker that acts as a proxy for it to allow an offline endpoint to be connected to the internet?

I appreciate any advice given

Analytics engine time to establish baseline

Hi all, 

I have a question about the analytics engine - how long does it take for it to establish a baseline?

I had it enabled yesterday and it started to give out alerts during the night, in the span of several hours. 

seems like a rather short time to

CORTEX XDR Installation Error 1067

I am not able to install COrtex XDR in a WIN10 computer;

When we try to start the service below we received error message 1067

Cortex XDR multiple local malware analysis alerts on seemingly legit programs

Hi all,

I have a user whose agent generated a significant number of local malware alerts.

However, all of those alerts are generated on legit things like ms teams, vs code, iwconfig etc.

Morever, It's only on this user - those alerts dont pop up on the

XDR blocking thunderbolt mac docks

Hi all, question - can the XDR block a thunderbolt dock for macs? furthermore - all device control violations logged in the xdr main console, right?

Malicious files not found after Scanning

Hi,

After scanning, Cortex XDR agent detected some malicious files. But while taking live terminal and remote of that system, I cannot find those files in that particular path. Can anyone please tell, what might be the reason?

Regards 

Cortex XDR - How We Distinguish Ourselves From a SIEM Solution

When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious a

XDR Linux agent - what is the dypd process?

What is the purpose of the dypd process?

sudo /opt/traps/bin/cytool runtime query
 Name PID User Status Command
pmd 32757 root Running /opt/traps/bin/pmd
analyzerd 534 474 Running /opt/traps/analyzerd/analyzerd 71 73 75
dypd 517 root Running /opt/traps/b

XDR command line scan

Hi All, I've been looking at the functionality of the cytool command line and cannot find a way to scan a particular file, which is available if you right click the file in Windows. Can anyone tell me if the ability to scan an individual file, or fol