Hi,
I've just noticed this recently. A while ago when I added .csv file to a report, it was formatted with coma between columns. Now it is using a tab what cusses export to Excel more difficult. Is any setting which can be use to change it back?
Hello dear community,
is this now the long awaited feature, which gives us the possibility to have a CVE-scoring on Windows applications?
BR
Rob
Dear All,
Do you know why the content updated, cannot open the task manager?
Cortex XDR
"ruleId": "bioc.masqueraded_process_msft",
"fileIdx": 0,
"modules": [],
"profile": "Malware",
"sockets"
What is the difference between Legacy agent exception and Disable prevention rules?
This was asked in another discussion but the answer does not resolve the question asked (https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/exception-and-e
...
3.10 activated in our tenant yesterday and along with that, our endpoints started upgrading to 8.3 (we are one release behind the latest).
This morning we were deluged with calls about unresponsive endpoints.
We stopped the automatic endpoint upgra
...
I'm trying to run a query to get a count of how many times combinations of the values in "initiated_by" and "initiator_path" occur for an alert in the alerts dataset.
For example:
binary1.exe c:\temp\blah 6
binary2.exe c:\temp\blahblah 12
I'm trying to
Hello,
I do represent a company called Arx One. We have been publishing a backup software suite (backup agent, agent management console) for more than 15 years now and those software are installed on our customers' workstations, servers or NAS (Window
Curious to know, of all the modules offered in Cortex XDR, exactly which ones are used during Pre-execution and Post-execution phases?
Since our recent renewal, which is reflected in Assets in the support portal, attempting to Cortex XDR results in an error message of "Failed to load license data or license is expired."
Background: We recently renewed our Cortex XDR Pro license. W
...
Hello,
Could you give me assistance to generate a query to detect when the firewall is disabled?
Best regards.
Not able to see Asset in Cortex portal. Cortex XDR agent is installed on Asset.
Asset is a Ubuntu 28.04 VM on GCP, having access to internet.
root@dev-vcs-martin1:/var/log/traps# dpkg -l | grep cortex-agent
ii cortex-agent 7.9.0.82606 amd64 Palo Alto
Hi
I want to write an XQL query wherein i will be able to get both details of incident and Alerts in one table.
I want to correlate Incident ID and Description with the tables found in Alert dataset like CGO, Initiated by, Action process etc
Hello,
I have a few questions and I would be happy If you answer them.
Questions:
Hello everyone,
I would like to replicate some queries in Cortex using XQL, but I have many doubts with this language and I am arguing with it
Example:
T1140 Deobfuscate/Decode Files or Information
DeviceProcessEvents
| where ProcessVersionInfoProdu...
We've been running XDR Pro per endpoint since late 2022 with the host insights add-on licensed and enabled for all endpoints.
CVE data exists for around 12% of the endpoints and include every OS, etc... no rhyme or reason why some work, but most do no
