dashboard to view logins

What's up community!

I'm trying to create a dashboard in Cortex XDR that allows me to see user logins and log outs.

Is this possible with XQL? Or, for example, log when the endpoint was powered on.

I would greatly appreciate the help.

#cortex #cort

How to Deliver Upgrades to Endpoints with a Connection Lost Status

Dear Community,

I am encountering a challenge with the XDR agent upgrades. Although we distribute updates through the Action Center, agents in a "Connection Lost" state are not included as upgrade targets.

In our environment, some devices remain offl

Warning on malware profile being set to report only

Is anyone else seeing warning being generated on malware profiles and and their associated policies please?

For a couple of weeks, all of our Windows policies have been in a warning state. Investigating this we found that the malware profile was ge

Integrating Log Audit Management XDR / XSOAR

Dear Community,

Is there any documentation about how to integrate Audit Management XDR and XSOAR for a SIEM like Elastic? I need a centralized log audit for monitoring.

Thanks

Cortex scan report

Hello all,

I am a new user of Cortex XDR and I noticed that upon scanning a host, the malicious files identified by the scan are so difficult to find. I was expecting a proper scan report, where I can actually see the name and path of the identifie

XQL Query Assets XSOAR

Hi everyone,
I need your help.
I'm trying to create a CMDB using a playbook in Cortex XSOAR  , pulling data from the Cortex XDR tab Asset Inventory (XDR-managed devices as well as others collected via mappers and IoT firewalls).

My idea is collect all a

Cortex XDR to block specific powershell script

Hello Team,

I have a script that I would like to block across the entire estate.
Is there a way to achieve this in Cortex?

Thank you.

Detect user who moved a folder using XDR and XQL

Hi everyone,

I need help identifying which user moved a specific folder from a network share to another location. The only information I currently have is:

• The old folder path (e.g., \\server\share\oldfolder)
• The new folder path (e.g., \\server\users\

Cortex XDR "The target location already contains a file named" problem

Hi, 

I have a problem after installing the XDR Cortex agent.

Windows 10,11. When trying to copy any file to the network share (Synology), which was created on the workstation after the agent installation, I receive the message "The destination alread